directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <>
Subject Re: svn commit: r543905 - /directory/apacheds/trunk/server-main/server.xml
Date Tue, 05 Jun 2007 20:03:00 GMT
On 6/5/07, Emmanuel Lecharny <> wrote:
> ...
> This is where I don't understand. The LDP request specify thet the bind is
> SIMLPLE, not SASL, so I don't see a reason to pass through GSSAPI.May be I'm
> plain wrong, maybe then the PLAIN mechanism should be used, but I don't
> think this is the way to go. Can you elaborate a little bit?

Sorry, you confused me by including a snippet of the "props" bean from
the Spring XML, so I thought this was related to the back-end bind.

That a remote client attempts a SIMPLE bind and sees the warning about
GSSAPI not being properly configured is simply because the GSSAPI
principal is re-tried on EVERY bind until one is found.  The idea was
you'd see this warning and think "I need to obey the warning and add a
service principal."  This would allow you to add the principal and
have it get used without restarting the server.

I agree that seeing a GSSAPI warning on a remote SIMPLE bind is
misleading.  But, it is not the case that SIMPLE binds "pass through
GSSAPI," only that binds are the trigger for re-checking the presence
of a GSSAPI service principal.  I can add a conditional to only re-try
finding a GSSAPI principal with GSSAPI requests.


View raw message