ksu fails with uppercase hostname
Greg Hudson
ghudson at MIT.EDU
Fri Apr 6 10:04:54 EDT 2012
I've taken krbdev off the cc line, since I'd rather not have the same
conversation on two lists.
On 04/06/2012 08:10 AM, Anubha Gupta wrote:
> 1. Why are the principals converted into lowercase here?
Because hostnames are case-insensitive and principals are
case-sensitive, the krb5 library forces a choice of case when converting
a hostname to a principal.
> Since, ksu works
> if I remove this part of the code, what would be the consequences if I
> comment this out.
krb5_sname_to_principal is used not only for ksu, but also when
determining the principal of a target service (e.g. for ssh).
> 2. Does ksu work with uppercase hostname?
ksu works fine regardless of what case gethostname() returns, but
expects the service principal to contain the lowercase form of the hostname.
> 3. Can a service principal be created with uppercase. I understand that the
> realm has to be uppercase but are there any standard rules for service
> names as well?
There are. RFC 4120 section 6.2.1, which governs the names of service
principals, states that "Where the name of the host is not case
sensitive (for example, with Internet domain names) the name of the host
MUST be lowercase."
More information about the Kerberos
mailing list