Bug 856155
Summary: | perl-LDAP fails GSSAPI authentication | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Marko Myllynen <myllynen> |
Component: | perl-LDAP | Assignee: | perl-maint-list |
Status: | CLOSED WORKSFORME | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.3 | CC: | abokovoy, ppisar, psabata |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-09-12 08:19:10 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marko Myllynen
2012-09-11 10:32:02 UTC
This is the famous story about hostname canonicalization which I've seen in other projects too. Debian decided not to fix it because, according to upstream, it would break other (MIT) users and recommended way is to pass result of Authen::SASL->new(mechanism => 'GSSAPI')->client_new('ldap', $server) to NET::LDAP::bind(). Does this change in your application fix this problem for you? (In reply to comment #2) > This is the famous story about hostname canonicalization which I've seen in > other projects too. Very (in)famous indeed :) > Debian decided not to fix it because, according to upstream, it would break > other (MIT) users and recommended way is to pass result of > Authen::SASL->new(mechanism => 'GSSAPI')->client_new('ldap', $server) to > NET::LDAP::bind(). > > Does this change in your application fix this problem for you? Yes, it does, thanks a lot for the tip! Closing in the hope this answer will find its way to the top of the search results.. For your information, upstream fixed the behavior in 0.57 release with <https://github.com/perl-ldap/perl-ldap/commit/f36b2cd1edc53db262f2292053c07615784461a2> commit. The 0.57 release defaults to SASL hostname given as a hostname to LDAP->new() and an application can override the SASL hostname with a new sasl_host option of bind() argument. |