not all SASL protected blobs use a GSS wrapper for the payload so we

cant check that the payload starts with BER tag 0x60 and an oid.
instead  check that the length byte (first 4 bytes) look sane and if 
SASL authentication has been negotiated on the connection

also, sometimes clients will mix both non-SASL and SASL protected LDAP 
traffic on the same tcp connection   by initially performing simple 
unauthenticated searches on the database before performing the Bind.



svn path=/trunk/; revision=22948

0 files changed, 0 insertions, 0 deletions