Case insensitive names

Sam Hartman hartmans at MIT.EDU
Wed Sep 14 18:08:04 EDT 2005

>>>>> "Andrew" == Andrew Bartlett <abartlet at> writes:

    Andrew> On Tue, 2005-09-13 at 14:59 -0400, Sam Hartman wrote:
    >> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at>
    >> writes:
    Nicolas> The proposed set/change password version 2 protocol deals
    Nicolas> with principal aliasing...
    >> It requires that the KDC be able to enumerate all the
    >> principals that a particular service can be known as.  That is
    >> not compatible with case insensitive keytabs in an
    >> interoperable manner.

    Andrew> I don't get this.  If the KDC knows that it is case
    Andrew> insensitve, then why can't it just include an extra
    Andrew> boolean to the effect of 'and all case variations of the
    Andrew> above'?  The set/change password isn't RFC yet, right?
    Andrew> And why can't we have a similar flag in a keytab entry?

The internationalization issues associated with doing this would
probably be annoying to deal with.  The saslprep stringprep profile is
not case-folding, so no, it would not be clear what to do for
extensions if this boolean was set.

But yes, someone could do the necessary work to standardize behavior
for that case and propose adding such a feature.  So far, I don't know
of anyone who plans to do that work.  I agree it would be desirable if
that happened.


More information about the krbdev mailing list