-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
- case LDAP_AUTH_KRBV41:
- if ( krbv4_ldap_auth( be, cred, &ad ) != LDAP_SUCCESS ) {
- send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS,
- NULL, NULL, NULL, NULL );
- goto done;
- }
-
- rc = access_allowed( be, conn, op, e,
- krbattr, NULL, ACL_AUTH, NULL );
- if ( ! rc ) {
- send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
- NULL, NULL, NULL, NULL );
- goto done;
- }
-
- sprintf( krbname, "%s%s%s@%s", ad.pname, *ad.pinst ? "."
- : "", ad.pinst, ad.prealm );
-
- if ( (a = attr_find( e->e_attrs, krbattr )) == NULL ) {
- /*
- * no krbname values present: check against DN
- */
- if ( strcasecmp( dn, krbname ) == 0 ) {
- rc = 0;
- break;
- }
- send_ldap_result( conn, op, rc = LDAP_INAPPROPRIATE_AUTH,
- NULL, NULL, NULL, NULL );
- goto done;
-
- } else { /* look for krbname match */
- struct berval krbval;
-
- krbval.bv_val = krbname;
- krbval.bv_len = strlen( krbname );
-
- if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
- send_ldap_result( conn, op,
- rc = LDAP_INVALID_CREDENTIALS,
- NULL, NULL, NULL, NULL );
- goto done;
- }
- }
- rc = 0;
- break;
-
- case LDAP_AUTH_KRBV42:
- send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
- NULL, "Kerberos bind step 2 not supported",
- NULL, NULL );
- goto done;
-#endif
-