"Newman, Edward (GTI)" <[EMAIL PROTECTED]> writes:
> Just wanted to confirm whether SASL support is currently broken in 5.0.2
> with all outstanding patches applied.
Not sure what patches you're talking about, but the git tree is
definitely broken.
>
> Debug of code suggests following issues:
>
> - Makefile has invalid test for HAVE_SASL in configure.in and thus
> doesn't include correct libraries (-z instead of -n in test step)
I'll take your word for it.
> - patched code in connect_to_server in lookup_ldap.c does not call
> auth_init prior to testing for auth_required and thus fails SASL in all
> cases
Yes, that was broken by the following commit:
commit acd6985801f401f8513627a5fd1eb0753c3f2e40
Author: Ian Kent <[EMAIL PROTECTED]>
Date: Mon Sep 24 13:07:36 2007 +0800
- add LDAP_URI, LDAP_TIMEOUT and LDAP_NETWORK_TIMEOUT
configuration options.
> - order of code sequence currently fails to enable SASL correctly.
Not sure what you mean by this, unless it's just a summary ove the
above points.
> I am also trying to use an existing keytab for Kerberos GSSAPI
> authentication to directory and currently sasl_kinit code appears to
> fail. Haven't worked out exact cause yet but appears to not passing a
> keytab name and environment is not picking up location from krb5.conf.
The code uses the system keytab, though I have a request to allow the
user to specify a keytab file. We set up the KRB5CCNAME environment
variable, and that should be picked up by the krb5 libs.
How did you configure /etc/autofs_ldap_auth.conf?
> Please confirm above and whether this is being actively worked on at
> this time.
I did the initial work on this, but have not tested since its merge.
I'm glad to hear someone is going to use it! Are you volunteering to
help fix this?
-Jeff
_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
