Re: kadmin: hdb_open: ldap_sasl_bind_s: Authentication method notsupported

[Love Hörnquist Åstrand <lha@kth.se>]

Howard Chu <hyc@highlandsun.com> writes:

>> How is solaris supported, by checking that the socket is owned by the right
>> uid and have a restrictive enough mask ?
>
> Unfortunately, nothing so simple, as the actual socket's permissions
> are meaningless. A file descriptor is created by the client, and
> passed to the server. The server fstat's the descriptor to get the
> uid/gid and check the mask of that descriptor (which must only allow
> owner privs and nothing else).

Ah, that would work too. Since I hade started to write door support, I
finished up that instead. Solaris 10 have getpeerucred() that seem to work,
but I want to support pre solaris 10 too.

Love

PGP signature