Hi, I have an LDAP system that presently works on plain clear-text password authentication system.
I am trying to Kerberize the LDAP client(the LDAP server supports the same).As I am a bit new to this Kerberos world I need some help regarding this. I know that I have to use the ldap_sasl_bind() extension in my client for the same. I have gone roughly through the "Netscape Directory SDK for C"(http://developer.netscape.com/docs/manuals/dirsdk/csdk30/contents.htm) from the site www.mozilla.org .The ldap_sasl_bind() prototype looks like this: int ldap_sasl_bind ( LDAP *ld, const char *dn, const char *mechanism, struct berval *cred, LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp ); I am confused over the way the authentication information are passed to the variable "cred" above, for Kerberos. I have gone through some documentation and I have fund that many people use the GSSAPI to use SASL for Kerveros 5. I have downloaded the Cyrus GSSAPI but due to the lack to documentation I still am not very clear about how the whole thing would look in a program flow. 1. Am I on the right track for the solution of my problem. 2. If I can use the SASL for Kerberos using GSSAPI can you please elaborate how do I do this exactly or I would be great if you can give me some source of information about the same.The information in "Netscape Directory SDK for C" (http://developer.netscape.com/docs/manuals/dirsdk/csdk30/contents.htm) is not very clear as to how the Kerberos related authentiation credentials are sent to the Kerberos Server. 3. How does the GSSAPI for Kerberos(getting the Kerberos credentials) combine with the API in "Netscape Directory SDK for C" (the ldap_sasl_bind() )? 3. Please dont suggest me some JAVA API or SDK. 4. If you have worked with Kerberos 5 with LDAP I would very much appreciate your great inputs. That would really help a novice like me. Regards, Shuvabrata.//
