Add SASL support to LDAP KDB module

Add variables for the SASL mechanism, authcid, authzid, and realm.  If
a SASL mechanism is set, perform an interactive bind with that
mechanism.  If <sasl/sasl.h> is found at build time, provide the
authcid, authzid, and realm in the interaction function, and provide a
SASL secret read from the service password file (under the authcid) if
we found one.

Based on a patch from Zoran Pericic <zpericic@netst.org>.

ticket: 7944 (new)

1 files changed, 8 insertions, 0 deletions

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 38846eb..d9cb5a4 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -239,7 +239,15 @@ typedef unsigned char   u_char;
 #define KRB5_CONF_KRB524_SERVER                "krb524_server"
 #define KRB5_CONF_LDAP_CONNS_PER_SERVER        "ldap_conns_per_server"
 #define KRB5_CONF_LDAP_KADMIND_DN              "ldap_kadmind_dn"
+#define KRB5_CONF_LDAP_KADMIND_SASL_AUTHCID    "ldap_kadmind_sasl_authcid"
+#define KRB5_CONF_LDAP_KADMIND_SASL_AUTHZID    "ldap_kadmind_sasl_authzid"
+#define KRB5_CONF_LDAP_KADMIND_SASL_MECH       "ldap_kadmind_sasl_mech"
+#define KRB5_CONF_LDAP_KADMIND_SASL_REALM      "ldap_kadmind_sasl_realm"
 #define KRB5_CONF_LDAP_KDC_DN                  "ldap_kdc_dn"
+#define KRB5_CONF_LDAP_KDC_SASL_AUTHCID        "ldap_kdc_sasl_authcid"
+#define KRB5_CONF_LDAP_KDC_SASL_AUTHZID        "ldap_kdc_sasl_authzid"
+#define KRB5_CONF_LDAP_KDC_SASL_MECH           "ldap_kdc_sasl_mech"
+#define KRB5_CONF_LDAP_KDC_SASL_REALM          "ldap_kdc_sasl_realm"
 #define KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN   "ldap_kerberos_container_dn"
 #define KRB5_CONF_LDAP_SERVERS                 "ldap_servers"
 #define KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE   "ldap_service_password_file"