Turning off hostname canonicalisation

Andrew Bartlett abartlet at samba.org
Fri Sep 9 21:14:50 EDT 2005

On Fri, 2005-09-09 at 21:00 -0400, Jeffrey Altman wrote:
> Andrew Bartlett wrote:
> > How are MIT/Heimdal realms coping with windows clients, which I presume
> > don't do such fqdn resolution.  Is the concept of servicePrincipalName
> > spreading to cope, or are there just multiple principals and keytab
> > entries being created?
> Currently, large numbers of principal names and keytab entries are being
> created to deal with this issue.

Likewise, is there any move to at least allow case insensitivity in
principal names or keytab entries?  I know the Samba patch to allow this
(in the member server, presumably for an AD KDC) is pretty ugly...

(We normally join the domain and get a password, so take any incoming
name, but for some reason we also have AD sites which refuse to give
machine trust accounts to their unix servers, so hand out keytabs).

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050910/1c966752/attachment.bin

More information about the krbdev mailing list