[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL interoperability fix (ITS#2994)

To: openldap-its@OpenLDAP.org
Subject: Re: SASL interoperability fix (ITS#2994)
From: lukeh@PADL.COM
Date: Thu, 4 Mar 2004 05:04:30 GMT

FWIW Cyrus SASL returns a zero-length string, not NULL, on the last
leg of a GSS-API authentication.

If we are to respect the difference between the two, shouldn't slapd
only return serverSaslCreds if the SASL library returns NULL?

I tested some alternative server implementations of the GSSAPI
SASL mechanism:

- Active Directory returns serverSaslCreds with length zero

- PADL GSS-SASL doesn't return serverSaslCreds (as far as I can
  tell from the code, I didn't actually look at a packet trace)

Did this ever come up in the working group?

We should find out what Sun DS 5.2 does for GSSAPI... 

-- Luke

Prev by Date: Re: SASL interoperability fix (ITS#2994)
Next by Date: Re: SASL interoperability fix (ITS#2994)
Index(es):
- Chronological
- Thread