SASL GSSAPI "authorization identity" and padding
Michael B Allen
mba2000 at ioplex.com
Tue Oct 17 20:52:05 EDT 2006
Hey,
After the SASL "GSSAPI" method has authenticated gss_wrap is called
with some data to be used with ldap_sasl_bind_s. This data is 1)
a confidentiality and integrity bitmask, 2) the maximum buffer size
accepted by the client, and 3) the "authorization identity".
What is the "authorization identity"? Is it a UPN or ...?
Also, RFC 2222 and others claim the data must be padded to a multiple of
8 but I don't see that padding using ldapsearch with cyrus-sasl. Is
there supposed to be padding or not?
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
More information about the Kerberos
mailing list