Turning off hostname canonicalisation

Nicolas Williams Nicolas.Williams at sun.com
Tue Sep 13 15:22:41 EDT 2005

On Tue, Sep 13, 2005 at 03:10:51PM -0400, Jeffrey Hutzelman wrote:
> On Tuesday, September 13, 2005 02:59:41 PM -0400 Sam Hartman 
> <hartmans at mit.edu> wrote:
> >>>>>>"Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
> >
> >    Nicolas> The proposed set/change password version 2 protocol deals
> >    Nicolas> with principal aliasing...
> >
> >
> >It requires that the KDC be able to enumerate all the principals that
> >a particular service can be known as.  That is not compatible with
> >case insensitive keytabs in an interoperable manner.
> You've used that phrase twice now, and I still can't figure out what it 
> means.  What requirement do you see that is not being met?
> Note that a KDC _could_ enumerate all possible mixtures of upper and lower 
> case for a given principal name.  It'd be sort of suckful compared to just 
> making matching case-insensitive, but it could be done.

Anyone can do case-insensitive comparison -- what's hard is knowing what
other aliases exist that differ in more than just case from a given
canonical name.

More information about the krbdev mailing list