One last thing just popped in my head. You might want to run a packet sniffer (I use ethereal) while testing your code. Your situation sounds similar to one I encountered a couple of months ago, and I have a hunch your code is automatically rebinding to "referred" LDAP servers without encrypting the username and password. Obviously, that would defeat the purpose of using SASL/GSSAPI.
In general, it's a good idea to run a packet sniffer when testing/debugging any network application. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
