Turning off hostname canonicalisation

Sam Hartman hartmans at MIT.EDU
Tue Sep 13 21:54:53 EDT 2005

>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at cmu.edu> writes:

    Jeffrey> On Tuesday, September 13, 2005 02:59:41 PM -0400 Sam
    Jeffrey> Hartman
    Jeffrey> <hartmans at mit.edu> wrote:

    >>>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com>
    >>>>>>> writes:
    Nicolas> The proposed set/change password version 2 protocol deals
    Nicolas> with principal aliasing...
    >> It requires that the KDC be able to enumerate all the
    >> principals that a particular service can be known as.  That is
    >> not compatible with case insensitive keytabs in an
    >> interoperable manner.

    Jeffrey> You've used that phrase twice now, and I still can't
    Jeffrey> figure out what it means.  What requirement do you see
    Jeffrey> that is not being met?

The issue is that unless I know that both the KDC and the keytab code
are case insensitive, then it will not work interoperably.

I think it is very dangerous to encourage implementations to have
aliasing algorithms beyond what the set/change password spec will
allow because doing so reduces the likelihood that one vendor's code
can be used to replace another vendor's code.
