Turning off hostname canonicalisation
hartmans at MIT.EDU
Tue Sep 13 21:54:53 EDT 2005
>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at cmu.edu> writes:
Jeffrey> On Tuesday, September 13, 2005 02:59:41 PM -0400 Sam
Jeffrey> <hartmans at mit.edu> wrote:
>>>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com>
Nicolas> The proposed set/change password version 2 protocol deals
Nicolas> with principal aliasing...
>> It requires that the KDC be able to enumerate all the
>> principals that a particular service can be known as. That is
>> not compatible with case insensitive keytabs in an
>> interoperable manner.
Jeffrey> You've used that phrase twice now, and I still can't
Jeffrey> figure out what it means. What requirement do you see
Jeffrey> that is not being met?
The issue is that unless I know that both the KDC and the keytab code
are case insensitive, then it will not work interoperably.

I think it is very dangerous to encourage implementations to have
aliasing algorithms beyond what the set/change password spec will
allow because doing so reduces the likelihood that one vendor's code
can be used to replace another vendor's code.