Updates (multi-realm) to Leash32...

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Jan 10 16:52:01 EST 2003

>> In my years of using Kerberos 5, I've _never_ seen a Kerberized
>> application that let you pick which principal you should be use to
>> authenticate.  I'm not counting the old Unix trick of setting the
>> KRB5CCNAME environment variable.
>I think the OpenLDAP tools, with SASL, let you do this sort of thing.

I've written plenty of SASL applications (using Cyrus-SASL), and I can
assure you I've never seen that capability within Cyrus-SASL ... and
I am pretty sure that OpenLDAP uses Cyrus-SASL.  And in fact .... I am
not sure how you would do it within the context of GSSAPI (but it
may be possible; I have never claimed to be a GSSAPI expert).


More information about the krbdev mailing list