Turning off hostname canonicalisation
Nicolas Williams
Nicolas.Williams at sun.com
Tue Sep 13 15:22:41 EDT 2005
On Tue, Sep 13, 2005 at 03:10:51PM -0400, Jeffrey Hutzelman wrote:
>
>
> On Tuesday, September 13, 2005 02:59:41 PM -0400 Sam Hartman
> <hartmans at mit.edu> wrote:
>
> >>>>>>"Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
> >
> > Nicolas> The proposed set/change password version 2 protocol deals
> > Nicolas> with principal aliasing...
> >
> >
> >It requires that the KDC be able to enumerate all the principals that
> >a particular service can be known as. That is not compatible with
> >case insensitive keytabs in an interoperable manner.
>
> You've used that phrase twice now, and I still can't figure out what it
> means. What requirement do you see that is not being met?
>
> Note that a KDC _could_ enumerate all possible mixtures of upper and lower
> case for a given principal name. It'd be sort of suckful compared to just
> making matching case-insensitive, but it could be done.
Anyone can do case-insensitive comparison -- what's hard is knowing what
other aliases exist that differ in more than just case from a given
canonical name.
More information about the krbdev
mailing list