IPv6 handling in SASL LDAP binding
Xu, Qiang (FXSGSC)
Qiang.Xu at fujixerox.com
Thu Aug 6 04:36:50 EDT 2009
Hi, all:
I found SASL LDAP binding will fail mad if an IPv6 address of Kerberos authentication server is passed to it. It just can't recognize the IPv6 address, and would take it as a hostname.
For example, the IPv6 address of the Kerberos server is "3ffe:2000:0:1:e0be:1872:d4f8:6b2c", and the authentication domain is "xcipv6.com". When this IPv6 address is passed in, the address would be looked on as in a form of "hostname:port", so would split the address at the first colon, and combine it with the domain name, to form an FQDN "3ffe.xcipv6.com". Then it would try to resolve this FQDN to get the IPv4 address. Of course, the resolving would lead to an error. And SASL binding can't go through.
When I configure the printer to use IPv4 address of the Kerberos server, SASL LDAP binding works well.
P.S. I am using MozLDAP 6.0.5 plus Cyrus-SASL 2.1.22, plus MIT Kerberos v5 libraries. Could it be a problem arising from MIT distribution?
Thanks,
Xu Qiang
More information about the Kerberos
mailing list