[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cross Realm HELP


   I'm currently using Heimdal Kerberos, Cyrus SASL, and OpenLDAP in a project.

   I can authenticate users using Heimdal Kerberos by doing the following:

krb5_init_context( &krbcontext ); 
krb5_make_principal( krbcontext, &krbprincipal, realm, username, NULL );
krb5_get_init_creds_password( krbcontext, &krbcreds, krbprincipal, password, NULL, NULL, 0, NULL, NULL );

   And it works correctly.

   I can also use OpenLDAP and SASL (GSSAPI (Kerberos)) to connect to an LDAP directory. I first do the above to authenticate myself with Kerberos, store the credentials, and connect to the LDAP directory (ldap_sasl_interactive_bind_s()). However, this only works when the user and the LDAP directory are in the same realm.

   I'm wondering if I'm supposed to first authenticate to the realm where the ldap server is before using ldap_sasl_interactive_bind_s()? Do I need to pass something in the krb5_get_init_creds_password() to authenticate to another realm? Am I missing something else entirely? Any help would be greatly appreciated!


  - Jeremiah