[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: GSSAPI and realm lookup hook

To: "Michael B Allen" <miallen@ioplex.com>
Subject: RE: GSSAPI and realm lookup hook
From: "Zeqing (Fred) Xia" <fxia@juniper.net>
Date: Wed, 12 Dec 2007 12:35:51 -0800
Cc: <heimdal-discuss@sics.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <61663514904A90488C38CE60FEDF67F40535A054@antitop.jnpr.net><20071212020827.e30225fb.miallen@ioplex.com><61663514904A90488C38CE60FEDF67F404B3AF92@antitop.jnpr.net> <20071212124852.348e224d.miallen@ioplex.com>
Reply-To: heimdal-discuss@sics.se, "Zeqing (Fred) Xia" <fxia@juniper.net>
Thread-Index: Acg850UNAbwvd9SaT5eT84QuOfN6+wAF1DuE
Thread-Topic: GSSAPI and realm lookup hook


That's right. I need to add specialized logic to determine the realm name given a host name. The application will then be able to use its own logic to influence the decision.

Thanks.



Fred


-----Original Message-----
From: Michael B Allen [mailto:miallen@ioplex.com]
Sent: Wed 12/12/2007 9:48 AM
To: Zeqing (Fred) Xia
Cc: heimdal-discuss@sics.se
Subject: Re: GSSAPI and realm lookup hook
 
On Wed, 12 Dec 2007 09:22:20 -0800
"Zeqing (Fred) Xia" <fxia@juniper.net> wrote:

> 
> Thanks a lot for the info. I was going to patch krb5_get_host_realm() in get_host_realm.c. 

I see. You want the realms for a host, not the hosts for a realm. Yes,
get_host_realm.c would be the right place to do that.

I've overloaded that myself too but for different reasons no doubt [1].

Mike

[1] http://www.stacken.kth.se/lists/heimdal-discuss/2007-03/msg00038.html

> -----Original Message-----
> From: Michael B Allen [mailto:miallen@ioplex.com]
> Sent: Tue 12/11/2007 11:08 PM
> To: Zeqing (Fred) Xia
> Cc: heimdal-discuss@sics.se
> Subject: Re: GSSAPI and realm lookup hook
>  
> On Tue, 11 Dec 2007 18:48:15 -0800
> "Zeqing (Fred) Xia" <fxia@juniper.net> wrote:
> 
> > Hi All,
> > 
> > I have a need to do realm lookup with a plugin, because the current
> > realm determination logic, other than dns lookup, is not sufficient for
> > the scenario I'm dealing with.
> 
> Hi Fred,
> 
> Do you mean that you want to alter how Heimdal resolves servers given
> a realm?
> 
> I don't know about the new plugin code but I have found that replacing
> lib/krb5/krbhst.c:srv_find_realm with my own implementation works
> quite well since the data structures involved are isolated and
> non-complicated.
> 
> Mike
> 
> -- 
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/
> 


-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

Follow-Ups:
- Re: GSSAPI and realm lookup hook
  - From: Love Hörnquist Åstrand <lha@kth.se>

References:
- GSSAPI and realm lookup hook
  - From: "Zeqing (Fred) Xia" <fxia@juniper.net>
- Re: GSSAPI and realm lookup hook
  - From: Michael B Allen <miallen@ioplex.com>
- RE: GSSAPI and realm lookup hook
  - From: "Zeqing (Fred) Xia" <fxia@juniper.net>
- Re: GSSAPI and realm lookup hook
  - From: Michael B Allen <miallen@ioplex.com>

Prev by Date: RE: GSSAPI and realm lookup hook
Next by Date: Re: GSSAPI and realm lookup hook
Prev by thread: Re: GSSAPI and realm lookup hook
Next by thread: Re: GSSAPI and realm lookup hook
Index(es):
- Date
- Thread