[krbdev.mit.edu #6008] use of incorrect or unknown principal types
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Thu Jul 3 15:31:33 EDT 2008
I tweaked the KDC logging to record the principal name types used in AS and TGS requests,
and ran the main dejagnu tests. Mostly things look okay, except:
krbtgt/KRBTEST.COM at KRBTEST.COM always has type NT-UNKNOWN (0). We construct these
specially in the client code; we should always be able to specify NT-SRV-INST (2).
The kadmin/admin and kadmin/changepw principals always use NT-PRINCIPAL, but I think
probably they should be NT-SRV-INST too.
The kadmin/fqdn principal always has type NT-PRINCIPAL (1); it should probably be NT-
SRV-HST (3).
The other service principal types (host, ftp, gssservice, and sample host-based services) all
were correctly specified as NT-SRV-HST.
There were some cases where the client principal name type didn't get logged, but in those
where it did, it appears to be correct.
More information about the krb5-bugs
mailing list