Cross Realm HELP
- To: heimdal-discuss@sics.se
- Subject: Cross Realm HELP
- From: Jeremiah Martell <inlovewithgod@gmail.com>
- Date: Tue, 20 Sep 2005 12:48:28 -0400
- Reply-To: Jeremiah Martell <inlovewithgod@gmail.com>
- Sender: owner-heimdal-discuss@sics.se
Hello,
I'm currently using Heimdal Kerberos, Cyrus SASL, and OpenLDAP in a project.
I can authenticate users using Heimdal Kerberos by doing the following:
    krb5_init_context( &krbcontext );
    krb5_make_principal( krbcontext, &krbprincipal, realm, username, NULL );
    krb5_get_init_creds_password( krbcontext, &krbcreds, krbprincipal, password, NULL, NULL, 0, NULL, NULL );
And it works correctly.
I can also use OpenLDAP and SASL (GSSAPI (Kerberos)) to
connect to an LDAP directory. I first do the above to authenticate
myself with Kerberos, store the credentials, and connect to the LDAP
directory (ldap_sasl_interactive_bind_s()). However, this only works
when the user and the LDAP directory are in the same realm.
I'm wondering if I'm supposed to first authenticate to the
realm where the LDAP server is before using
ldap_sasl_interactive_bind_s()? Do I need to pass something in the
krb5_get_init_creds_password() to authenticate to another realm? Am I
missing something else entirely? Any help would be greatly appreciated!
Thanks,
- Jeremiah
inlovewithGod@gmail.com