IPv6 handling in SASL LDAP binding

Xu, Qiang (FXSGSC) Qiang.Xu at fujixerox.com
Thu Aug 6 21:27:35 EDT 2009


> -----Original Message-----
> From: kerberos-bounces at mit.edu 
> [mailto:kerberos-bounces at mit.edu] On Behalf Of Russ Allbery
> Sent: Thursday, August 06, 2009 11:56 PM
> To: kerberos at mit.edu
> Subject: Re: IPv6 handling in SASL LDAP binding
> 
> I have no idea if Cyrus SASL supports IPv6 or not, but try 
> using [3ffe:2000:0:1:e0be:1872:d4f8:6b2c] instead.  The 
> brackets disambiguate
> IPv6 address literals from hostnames with ports.

I have sought help from the Cyrus SASL community. Some people told me that this does not seem to be a bug in the Cyrus-SASL libraries, e.g. "/usr/lib/sasl2/libgssapiv2.so is calling /lib/libgssapi_krb5.so to locate the Kerberos authentication server".

By the way, I can't add brackets to the IPv6 address. In fact, the real scenario is that the Kerberos server is configured with a hostname. And there is an option in our DNS setting to enable "Prefer IPv6 address over IPv4 address". This way, when DNS resolves the Kerberos server's hostname, it gets an IPv6 address, and this is used to locate the Kerberos server and initiate the TGS-REQ request.

But, alas, since the server can't be located with an IPv6 address, the TGS-REQ is never sent out, and the SASL binding fails.

Could you tell me if the plugin "/lib/libgssapi_krb5.so" can handle IPv6 addresses?

Thanks,
Xu Qiang
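
The bracket convention mentioned in the quoted reply, shown as an added example that is not part of the original thread or of any Cyrus SASL or Kerberos code: a small parser that shows why an unbracketed IPv6 literal cannot carry a port. The function names, the default port of 88 and the sample inputs other than the address quoted above are assumptions made for illustration.

```python
import ipaddress

DEFAULT_PORT = 88  # assumed default: the standard Kerberos KDC port


def _port(text):
    port = int(text)  # ValueError on empty or non-numeric text
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return port


def parse_host_spec(spec, default_port=DEFAULT_PORT):
    """Return (host, port, kind) for 'host', 'host:port', '[v6]' or '[v6]:port'."""
    spec = spec.strip()
    if spec.startswith("["):
        end = spec.find("]")
        if end == -1:
            raise ValueError("missing ']' in %r" % spec)
        host, rest = spec[1:end], spec[end + 1:]
        ipaddress.IPv6Address(host)  # brackets may only wrap an IPv6 literal
        if rest and not rest.startswith(":"):
            raise ValueError("unexpected text after ']' in %r" % spec)
        return host, _port(rest[1:]) if rest else default_port, "ipv6"
    if spec.count(":") > 1:
        # Unbracketed literal: every colon is read as part of the address,
        # so a trailing ":750" silently becomes the last address group.
        ipaddress.IPv6Address(spec)
        return spec, default_port, "ipv6-unbracketed"
    host, sep, port_text = spec.partition(":")
    if not host:
        raise ValueError("empty host in %r" % spec)
    try:
        ipaddress.IPv4Address(host)
        kind = "ipv4"
    except ValueError:
        kind = "hostname"
    return host, _port(port_text) if sep else default_port, kind


if __name__ == "__main__":
    # Constructed sample inputs; the first address is the one quoted above.
    for sample in ("[3ffe:2000:0:1:e0be:1872:d4f8:6b2c]", "[2001:db8::1]:750",
                   "2001:db8::1:750", "kdc.example.com:88", "192.0.2.10"):
        print("%-40s -> %r" % (sample, parse_host_spec(sample)))
```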


