Fix up GSSAPI

author Kurt Zeilenga <kurt@openldap.org>

Thu, 18 Jan 2001 08:55:30 +0000 (08:55 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Thu, 18 Jan 2001 08:55:30 +0000 (08:55 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Thu, 18 Jan 2001 08:55:30 +0000 (08:55 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Thu, 18 Jan 2001 08:55:30 +0000 (08:55 +0000)
diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf

index fa3caf894477ed1ad2f85e12b600593f63663515..bffd4f2cf87439eaf51e55294e515011b9d5cbb5 100644 (file)
--- a/doc/guide/admin/sasl.sdf
+++ b/doc/guide/admin/sasl.sdf
@@ -122,12 +122,21 @@ use of the GSSAPI mechanism by specifying {{EX:-Y GSSAPI}} as a
  command option.
  
  For the purposes of authentication and authorization, {{slapd}}(8)
-associated the non-mapped authentication DN of
+associates a non-mapped authentication DN of the form:
  
->      uid=user@REALM,cn=GSSAPI,cn=authzid
+>      uid=principal,cn=GSSAPI,cn=authzid
  
-for the GSSAPI principal "user@REALM".  The may be subsequently
-mapped as detailed below.
+If the user principal is within the same realm, the realm is
+trimmed from the principal.  Continuting our example, a user
+with the Kerberos principal {{EX:kurt@EXAMPLE.COM}} would have
+the associated DN:
+
+>      uid=kurt,cn=GSSAPI,cn=authzid
+
+and the principal {{EX:ursula@@FORIEGN.REALM}} would have the
+associated DN:
+
+>      uid=ursula@FOREIGN-REALM,cn=GSSAPI,cn=authzid
  
  
  H3: KERBEROS_V4
author	Kurt Zeilenga <kurt@openldap.org>
	Thu, 18 Jan 2001 08:55:30 +0000 (08:55 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Thu, 18 Jan 2001 08:55:30 +0000 (08:55 +0000)