> -----Original Message----- > From: Alexey Melnikov [mailto:alexey.melnikov@xxxxxxxxx] > Sent: Thursday, August 06, 2009 4:27 PM > To: Xu, Qiang (FXSGSC) > Cc: Howard Chu; cyrus-sasl@xxxxxxxxxxxxxxxxxxxx > Subject: Re: IPv6 Kerberos server address handling in SASL2 > GSSAPI plugin > > Xu, Qiang (FXSGSC) wrote: > > >Hi, all: > > > >In my testing of SASL LDAP binding, I found the GSSAPI > plugin library (/usr/lib/sasl2/libgssapiv2.so) will go mad if > an IPv6 address of Kerberos authentication server is passed > to it. It just can't recognize the IPv6 address, and would > take it as a hostname. > > > >For example, the IPv6 address of the Kerberos server is > "3ffe:2000:0:1:e0be:1872:d4f8:6b2c", and the authentication > domain is "xcipv6.com". When GSSAPI plugin receives this IPv6 > address, it would think the address is in a form of > "hostname:port", so would split the address at the first > colon, and combine it with the domain name, to form an FQDN > "3ffe.xcipv6.com". Then it would try to resolve this FQDN to > get the IP address (v4?). Of course, the resolving would lead > to an error. And SASL binding can't go through. > > > > > I believe this is happening inside MIT Kerberos V5 library, > so you need to talk to MIT. Really? I would be glad if MozLDAP and Cyrus SASL is cleared of any wrong-doing. Thanks a lot, Xu Qiang
