At 05:39 AM 9/16/2005, Jeremiah Martell wrote: >Thanks for the reply. However, my system is setup correctly for cross-realm >authentication. I have another application that does it perfectly fine, so >it's not how my system are setup.
You should get Cyrus SASL test programs working, then get ldapwhoami(1) working with SASL, then worry about your own programs. Discussions of the Cyrus SASL test programs should be taken to the Cyrus SASL mailing list. >Anybody have any experience on how to correctly use >ldap_sasl_interactive_bind_s? Yes. See ldapwhoami code in clients/tools. >I know my "interact function" get's asked for >some values, and currently I return nothing. I've tried to return a valid >realm but it doesn't seem to get used (verified with ethereal). Any ideas? Because in Cyrus SASL the Kerberos realm in the Kerberos ticket is always used in the case of the GSSAPI mechanism. As Dieter hinted, getting cross-realm authentication to work is not really specific to OpenLDAP Software. If you get the Cyrus SASL test programs working, one should be able to get every program (such as those in OpenLDAP Software) using Cyrus SASL should without significant hassle. Kurt >Thanks, > >- Jeremiah >[EMAIL PROTECTED] > >On 9/16/05, Dieter Kluenter <[EMAIL PROTECTED]> wrote: >> >> Jeremiah Martell <[EMAIL PROTECTED]> writes: >> >> > Hello, >> > >> > Is there any documentation on this function? I'm able to get openldap to >> > successfully use this function to authenticate to a ldap directory with >> > SASL/GSSAPI when my kerberos credentials and the ldap directory are in >> the >> > same realm. But when my credentials and the ldap directory are in >> different >> > realms, it's failing. I'm not sure what to pass this function to make >> > multi-realm logins work. Any ideas? >> >> This is a kerberos related question. Set up your system to cross realm >> authentication and two way trust relation. >> >> -Dieter >> >> -- >> Dieter Klünter | Systemberatung >> http://www.dkluenter.de >> GPG Key ID:8EF7B6C6 >> >>
