SASL GSSAPI "authorization identity" and padding
After the SASL "GSSAPI" method has authenticated gss_wrap is called
with some data to be used with ldap_sasl_bind_s. This data is 1)
a confidentiality and integrity bitmask, 2) the maximum buffer size
accepted by the client, and 3) the "authorization identity".
What is the "authorization identity"? Is it a UPN or ...?
Also, RFC 2222 and others claim the data must be padded to a multiple of
8 but I don't see that padding using ldapsearch with cyrus-sasl. Is
there supposed to be padding or not?
Michael B Allen
PHP Active Directory SSO
Kerberos mailing list [email]Kerberos@mit.edu[/email]