Hi, all: 

Usually, before SASL binding, the GSSAPI library will initiate a reverse DNS lookup 
(PTR query) to find the server's FQDN, then issue a request for TGT (TGS-REQ) 
to get the service ticket. After that, SASL binding will begin.

On one occasion, I found a network trace (captured during SASL binding) that 
doesn't do the reverse DNS lookup. Instead, it does a simple bind first, to 
get the attribute "ldapServiceName". Then, after some DNS lookups (but without a 
PTR query), a TGS-REQ is sent out and a TGS-REP is received. After that, SASL 
binding begins. It seems that with this attribute passed in, the reverse DNS lookup 
is no longer necessary. 

But, in MozLDAP, the SASL interface is "ldap_sasl_interactive_bind_ext_s()", 
with the prototype: 
======================================================================
int ldap_sasl_interactive_bind_ext_s( LDAP *ld, const char *dn,
        const char *saslMechanism,
        LDAPControl **sctrl, LDAPControl **cctrl, unsigned flags,
        LDAP_SASL_INTERACT_PROC *callback, void *defaults, LDAPControl ***rctrl 
);
======================================================================
I can't find any argument associated with the service ticket. Or, is there any 
other interface to use? 

Thanks,
Xu Qiang
_______________________________________________
dev-tech-ldap mailing list
https://lists.mozilla.org/listinfo/dev-tech-ldap