Turning off hostname canonicalisation

Sam Hartman hartmans at MIT.EDU
Mon Sep 12 17:07:06 EDT 2005

>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at cmu.edu> writes:

    Jeffrey> I would consider case-insensitive lookups of service
    Jeffrey> principals in the KDB to be an example of such aliases,
    Jeffrey> provided the ticket issued by the KDC uses the same case
    Jeffrey> as the request.  Normally I would see little value in
    Jeffrey> such functionality, as existing specifications do
    Jeffrey> recommend case-folding of hostnames before they are used
    Jeffrey> to construct service principal names. Nonetheless, if
    Jeffrey> there are clients widely deployed which do not do this,
    Jeffrey> it would seem useful for KDC's to have such a feature,
    Jeffrey> and I do not believe it would be in conflict with the
    Jeffrey> Kerberos spec.

Yes.  However I don't think supporting case insensitive names in a
keytab works this way in an interoperable manner.


More information about the krbdev mailing list