Bug 240904 - libuser can't use SASL/GSSAPI with LDAP
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libuser
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Miloslav Trmač
Blocks: 244231
Reported: 2007-05-22 15:17 EDT by Simo Sorce
Modified: 2007-11-30 17:12 EST
Fixed In Version: 0.56.3-1
Doc Type: Bug Fix
Last Closed: 2007-06-09 13:32:48 EDT


Attachments:
Enable Selection of SASL Mechanisms (3.88 KB, patch)
2007-05-22 15:17 EDT, Simo Sorce

Description Simo Sorce 2007-05-22 15:17:52 EDT
Description of problem:
libuser in its current form can't use GSSAPI as SASL Mechanism when using SASL
to authenticate against an LDAP server.

Version-Release number of selected component (if applicable):
0.56

How reproducible:
always

Steps to Reproduce:
1. Set up an LDAP server that uses GSSAPI (Kerberos) authentication
2. Set up libuser to connect to that server and do not provide any
binddn or password (unnecessary with GSSAPI)
3. Run libuser against the LDAP server and try to create a user.
  
Actual results:
No way is provided to select a SASL Mechanism.


Expected results:
A way to specify GSSAPI as a mechanism to use.

Additional info:
The attached patch lets libuser use GSSAPI as a SASL mechanism.
This is provided by setting the bindtype in [ldap] to SASL/GSSAPI instead of just
SASL. Other SASL mechanisms should work by specifying them the same way.
Only SASL/GSSAPI has been tested after applying this patch.
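
As an added illustration (not the attached patch and not libuser's own code), the sketch below parses a bindtype value of the form described above into the bind methods to try and the SASL mechanism to request. The comma-separated list syntax, the `struct bind_plan` type and the `parse_bindtype` function are assumptions made for this example.

```c
/* Added illustration, not libuser code. Assumed syntax: comma-separated
 * entries, each "simple", "sasl" or "sasl/<MECHANISM>" (type case-insensitive). */
#include <ctype.h>
#include <string.h>

struct bind_plan {
    int try_simple;   /* attempt a simple bind */
    int try_sasl;     /* attempt a SASL bind */
    char mech[32];    /* requested SASL mechanism; "" = none specified */
};

/* Case-insensitive match of the n-byte token a against lowercase keyword kw. */
static int ieq(const char *a, size_t n, const char *kw)
{
    if (strlen(kw) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != kw[i]) return 0;
    return 1;
}

/* Returns 0 on success, -1 on an empty, unknown or malformed entry.
 * On failure the contents of *out must not be used. */
int parse_bindtype(const char *value, struct bind_plan *out)
{
    memset(out, 0, sizeof(*out));
    for (const char *p = value; p != NULL; ) {
        size_t len = strcspn(p, ","), n = len;
        const char *tok = p;
        while (n > 0 && *tok == ' ') { tok++; n--; }   /* trim left */
        while (n > 0 && tok[n - 1] == ' ') n--;        /* trim right */
        if (ieq(tok, n, "simple")) {
            out->try_simple = 1;
        } else if (ieq(tok, n, "sasl")) {
            out->try_sasl = 1;                         /* no mechanism named */
        } else if (n > 5 && n - 5 < sizeof(out->mech)
                   && ieq(tok, 5, "sasl/") && out->mech[0] == '\0') {
            memcpy(out->mech, tok + 5, n - 5);         /* e.g. "GSSAPI" */
            out->try_sasl = 1;
        } else {
            return -1;  /* also "sasl/" with no name, or a second mechanism */
        }
        p = (p[len] == ',') ? p + len + 1 : NULL;
    }
    return (out->try_simple || out->try_sasl) ? 0 : -1;
}
```

An empty `mech` corresponds to the plain SASL setting, where no mechanism has been chosen in the configuration.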
Comment 1 Simo Sorce 2007-05-22 15:17:52 EDT
Created attachment 155191
Enable Selection of SASL Mechanisms
Comment 2 Miloslav Trmač 2007-05-22 15:33:43 EDT
<mitr> simo: Thanks for the patch - I just wonder why the changes of
ldap/bindtype and ldap/user defaults are necessary.
<simo> mitr, bindtype) you need to tell the SASL library which SASL Mechanism
you want to use
<simo> mitr, user) you were forcing the user to be "user", but left blank the
SASL library will come up with user@REALM which is the right one
<simo> (at least for GSSAPI)
<mitr> simo: What's wrong with trying both simple and sasl by default?
<simo> mitr, oh that, nothing I was testing and removed sasl, you can put that
back if you want
<mitr> simo: Thanks a lot.  May I paste the above to the bug report?
<simo> mikeb, but just "sasl" is almost meaningless if you don't specify which
sasl mechanism you want to use
<simo> mitr, of course go ahead
Comment 3 Miloslav Trmač 2007-06-09 13:32:48 EDT
Thanks, applied in libuser-0.56.3-1.