Multiple principals in a single application
Bernardo Pastorelli
berpast at hotmail.com
Sun May 19 10:44:44 EDT 2013
Hi Nico,
I run on an OS where the available version of the cyrus-sasl library does not support SASL_GSS_CREDS.
So openldap has LDAP_OPT_X_SASL_GSS_CREDS, but then when calling cyrus-sasl, it fails because it is not able to handle SASL_GSS_CREDS.
This is the reason why my code is failing (I didn't properly check the return codes). Is there any alternative to setting this option?
Regards,
Bernardo
> Date: Wed, 8 May 2013 06:47:34 -0500
> Subject: Re: Multiple principals in a single application
> From: nico at cryptonector.com
> To: berpast at hotmail.com
> CC: kerberos at mit.edu
>
> On Wed, May 8, 2013 at 2:05 AM, Bernardo Pastorelli <berpast at hotmail.com> wrote:
> > My application uses openldap and GSSAPI to connect to a remote LDAP server. GSSAPI leverages kerberos as the transport mechanism.
>
> a) It's one user at a time per-connection for LDAP. You can't
> multiplex multiple user's LDAP PDUs over a single connection.
>
> b) First use gss_acquire_cred() with the given user's gss_name_t as
> the desired name, then call ldap_int_sasl_set_option() with
> LDAP_OPT_X_SASL_GSS_CREDS as the option and the gss_cred_id_t as the
> value.
>
> c) Then call ldap_sasl_bind_s().
>
> You need a version of OpenLDAP that has this option, and a version of
> Cyrus SASL that has the SASL_GSS_CREDS options. But IIRC they've had
> these for several years now.
>
> Nico
> --
More information about the Kerberos
mailing list