SASL GSSAPI under Win32

Michael Ströder michael at
Mon Aug 10 20:51:52 CEST 2009

Torsten Kurbad wrote:
>>> Im using the 2.3.9 release I got here:
>> These are .egg files built by Torsten. Not sure what he did regarding Kerberos.
> Sorry for my late reply.
> To be honest, I did nothing regarding Kerberos. I just compiled a very
> stripped down version of cyrus-sasl (following the guide on
> and then linked it
> statically to the python-ldap build, leaving out all plugin DLLs.

I'd strongly prefer if SASL would be either functional at least of the
password based mechs or not compiled into the Win32 builds at all.

Note that some implementations (like web2ldap) might look at the
ldap.SASL_AVAIL variable and change the behaviour accordingly.

> Theoretically it should be possible to statically link in the plugin
> libs, too - I'll try that tomorrow, if I find the time. Anyway, that
> would just give very basic functionality like MD5,

It'll be great if at least the password-based mechs would be supported. IÄd
appreciate if Waldemar and you could bring your builds in line.

> but no Kerberos, since cyrus only builds against Heimdal or MIT, which are
> not (yet) available for Windows (and most probably never will be).

There is MIT Kerberos for Windows but it uses its own ticket cache which does
not make sense at all.

> Michael, can you think of any LDAP-SASL-Kerberos combination that we
> still might try to build on Windows?

Well, this was the reason why David started his experiments with linking
against winldap.dll which makes use of the native Windows Kerberos implementation.

Ciao, Michael.

More information about the python-ldap mailing list