Case insensitive names
hartmans at MIT.EDU
Wed Sep 14 18:08:04 EDT 2005
>>>>> "Andrew" == Andrew Bartlett <abartlet at samba.org> writes:
Andrew> On Tue, 2005-09-13 at 14:59 -0400, Sam Hartman wrote:
>> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com>
Nicolas> The proposed set/change password version 2 protocol deals
Nicolas> with principal aliasing...
>> It requires that the KDC be able to enumerate all the
>> principals that a particular service can be known as. That is
>> not compatible with case insensitive keytabs in an
>> interoperable manner.
Andrew> I don't get this. If the KDC knows that it is case
Andrew> insensitve, then why can't it just include an extra
Andrew> boolean to the effect of 'and all case variations of the
Andrew> above'? The set/change password isn't RFC yet, right?
Andrew> And why can't we have a similar flag in a keytab entry?
The internationalization issues associated with doing this would
probably be annoying to deal with. The saslprep stringprep profile is
not case-folding, so no, it would not be clear what to do for
extensions if this boolean was set.
But yes, someone could do the necessary work to standardize behavior
for that case and propose adding such a feature. So far, I don't know
of anyone who plans to do that work. I agree it would be desirable if
More information about the krbdev