fix SASL "GSSAPI" bind against w2k3

Andrew Bartlett abartlet at samba.org
Tue Apr 10 22:17:42 GMT 2007


On Tue, 2007-04-10 at 11:28 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jeremy Allison wrote:
> > On Tue, Apr 10, 2007 at 09:59:25AM -0500, Gerald (Jerry) Carter wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Stefan (metze) Metzmacher wrote:
> >>> Gerald (Jerry) Carter schrieb:
> >>>>> Metze,
> >>>>>
> >>>>>> I'm about to commit the following patch to SAMBA_3_0,
> >>>>>> which fixes the LDAP SASL "GSSAPI" bind against w2k3.
> >>>>> The comment makes sense to me.  But I didn't work on
> >>>>> the original code so I'm not sure why ads->config.bind_dn
> >>> I assume tridge read RFC2222 (where adding 'dn:...' is proposed)
> >>> and tried the domain base dn and it worked against w2k...
> >>>
> >>> W2K totally ignores the dn, but w2k3 checks it...
> >>>
> >>> With the patch w2k (plain) and w2k3 (plain) are happy
> >> That's proof enough for me.  Nice work.
> > 
> > Do we need this for 3.0.25 final ?
> 
> No.  IIRC this code was disabled anyways.

Well not disabled, but like the NTLM code that was hidden there, it
wasn't possible for it to be used against any server that supports
GSS-SPNEGO (so yes, disabled).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070411/77a87f2b/attachment.bin


More information about the samba-technical mailing list