Turning off hostname canonicalisation
abartlet at samba.org
Fri Sep 9 21:14:50 EDT 2005
On Fri, 2005-09-09 at 21:00 -0400, Jeffrey Altman wrote:
> Andrew Bartlett wrote:
> > How are MIT/Heimdal realms coping with windows clients, which I presume
> > don't do such fqdn resolution. Is the concept of servicePrincipalName
> > spreading to cope, or are there just multiple principals and keytab
> > entries being created?
> Currently, large numbers of principal names and keytab entries are being
> created to deal with this issue.
Likewise, is there any move to at least allow case insensitivity in
principal names or keytab entries? I know the Samba patch to allow this
(in the member server, presumably for an AD KDC) is pretty ugly...
(We normally join the domain and get a password, so take any incoming
name, but for some reason we also have AD sites which refuse to give
machine trust accounts to their unix servers, so hand out keytabs).
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050910/1c966752/attachment.bin
More information about the krbdev