Re: kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported

Love Hörnquist Åstrand wrote:
> Howard Chu <hyc@highlandsun.com> writes:
>>That's just the way the Heimdal code is written. You didn't mention
>>what OS you're running on. Your system needs to support some form of
>>credential passing over Unix domain sockets in order for this to
>>work. The OpenLDAP code currently supports the original 4.3 BSD Unix
>>domain socket semantics, current Linux versions, AIX, and Solaris/SVR4.

> How is Solaris supported, by checking that the socket is owned by the right
> uid and has a restrictive enough mask?

Unfortunately, nothing so simple, as the actual socket's permissions are
meaningless. A file descriptor is created by the client and passed to
the server. The server fstat's the descriptor to get the uid/gid and
checks the mask of that descriptor (which must only allow owner privs and
nothing else).

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.       Director, Highland Sun
   http://www.symas.com               http://highlandsun.com/hyc
   Symas: Premier OpenSource Development and Support
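An added example illustrating the descriptor-passing check Howard describes above. This is not code from the thread, OpenLDAP or Heimdal; it is a self-contained sketch in which a "client" opens a file it owns and passes the descriptor over a Unix domain socket (here SCM_RIGHTS over a socketpair, so it runs on Linux and the BSDs rather than the SVR4 mechanism itself), and a "server" fstat's the received descriptor, rejects it unless the mode grants nothing to group or other, and then trusts st_uid/st_gid as the peer's identity. The function names, the temporary file path and the extra regular-file check are my assumptions, not anything the thread specifies.

```c
/* Added example, not from the thread or from OpenLDAP/Heimdal: credential
 * passing via a file descriptor whose fstat() mode must allow owner access only. */
#define _GNU_SOURCE
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Client side: send one descriptor over a Unix socket. 0 on success, -1 on error. */
static int send_fd(int sock, int fd_to_send)
{
    char data = 'x';                      /* at least one byte of payload is required */
    struct iovec iov = { .iov_base = &data, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    memset(&u, 0, sizeof u);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd_to_send, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Server side: receive one descriptor. Returns the new fd, or -1 on error. */
static int recv_fd(int sock)
{
    char data;
    struct iovec iov = { .iov_base = &data, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS)
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* The check from the thread: the descriptor identifies the peer only if nobody
 * but its owner could have opened the underlying file. Returns 0 and fills
 * uid/gid on success, -1 if fstat fails, the file is not a regular file
 * (an extra guard added here), or the mode grants group/other bits. */
int check_passed_fd(int fd, uid_t *uid, gid_t *gid)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        return -1;
    *uid = st.st_uid;
    *gid = st.st_gid;
    return 0;
}

/* End-to-end run with a given file mode: 0 if the server accepted the
 * credential, -1 if it rejected it. The file is a constructed temp file. */
int demo_with_mode(mode_t mode)
{
    int sv[2];
    char path[] = "/tmp/cred-exampleXXXXXX";   /* assumed scratch location */
    int fd = mkstemp(path);                      /* created with mode 0600 */
    if (fd < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    unlink(path);                                /* only the open fd matters */
    fchmod(fd, mode);                            /* simulate a loose or tight mask */
    if (send_fd(sv[0], fd) != 0)                 /* client passes the descriptor */
        return -1;
    int rfd = recv_fd(sv[1]);                    /* server receives it */
    uid_t uid = 0; gid_t gid = 0;
    int rc = rfd < 0 ? -1 : check_passed_fd(rfd, &uid, &gid);
    if (rc == 0 && uid != getuid())              /* identity must match the caller */
        rc = -1;
    close(fd); close(rfd); close(sv[0]); close(sv[1]);
    return rc;
}

int main(void)
{
    printf("mode 0600: %s\n", demo_with_mode(0600) == 0 ? "accepted" : "rejected");
    printf("mode 0644: %s\n", demo_with_mode(0644) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The point the example makes concrete is the one in the reply: the permissions on the listening socket tell the server nothing, whereas a descriptor the client had to open with an owner-only mode can only have come from a process running as that owner, so st_uid/st_gid on the received descriptor are a usable credential.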