[31343] in Kerberos
RE: IPv6 handling in SASL LDAP binding
daemon@ATHENA.MIT.EDU (Xu, Qiang (FXSGSC))
Thu Aug 6 21:28:10 2009
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
To: Russ Allbery <rra@stanford.edu>, "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 7 Aug 2009 09:27:35 +0800
Message-ID: <D8C9BC7FFCF8154FB7141EB8DB609C172E71BD625B@SGPAPHQ-EXSCC01.dc01.fujixerox.net>
In-Reply-To: <87ocqtdjib.fsf@windlord.stanford.edu>
Content-Language: en-US
MIME-Version: 1.0
X-MAIL-FROM: <qiang.xu@fujixerox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> -----Original Message-----
> From: kerberos-bounces@mit.edu
> [mailto:kerberos-bounces@mit.edu] On Behalf Of Russ Allbery
> Sent: Thursday, August 06, 2009 11:56 PM
> To: kerberos@mit.edu
> Subject: Re: IPv6 handling in SASL LDAP binding
>
> I have no idea if Cyrus SASL supports IPv6 or not, but try
> using [3ffe:2000:0:1:e0be:1872:d4f8:6b2c] instead. The
> brackets disambiguate
> IPv6 address literals from hostnames with ports.
I have seeked help from Cyrus SASL community. Some ppl told me that this seems not a bug of Cyrus-SASL libraries, e.g. "/usr/lib/sasl2/libgssapiv2.so is calling /lib/libgssapi_krb5.so to locate the Kerberos authentication server".
By the way, I can't add brackets to the IPv6 address. In fact, the real scenario is that the Kerberos server is configured with a hostname. And there is an option in our DNS setting to enable "Prefer IPv6 address over IPv4 address". This way, when DNS resolves the Kerberos server's hostname, it gets IPv6 address, and this is used to located the Kerberos server and initiate the TGS-REQ request.
But, alas, since the server can't be located with IPv6 address, TGS-REQ is never sent out, and SASL binding fails.
Could you tell me if the plugin "/lib/libgssapi_krb5.so" can handle IPv6 address?
Thanks,
Xu Qiang
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
