host name canonicalization
Sam Hartman
hartmans at MIT.EDU
Mon May 16 14:45:21 EDT 2005
>>>>> "Frank" == Frank Balluffi <frank.balluffi at db.com> writes:
Frank> It is my understanding that version 1.3.1 of MIT
Frank> gss_import_name canonicalizes host names using DNS. Does
Frank> the latest version of MIT GSSAPI canonicalize host names?
Frank> Is it possible to configure this behavior?
Yes it does and no it is not, although an option to configure this
behavior has been added and will appear by the 1.5 release.
Frank> Microsoft supports the KDC option NAME_CANONICALIZE (15) --
Frank> see
Frank> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/4a1daa3e-b45c-44ea-a0b6-fe8910f92f28.mspx.
Frank> Does this mean host name canonicalization on the KDC?
no. It has to do with user name canonicalization.
Frank> Does
Frank> MIT support KDC option 15?
not at this time.
More information about the Kerberos
mailing list