[kerberos-discuss] thoughts/issues making MIT krb code fit for drop-in to Solaris
Nicolas Williams
Nicolas.Williams at sun.com
Fri Sep 19 11:10:16 EDT 2008
On Fri, Sep 19, 2008 at 12:53:13AM -0400, Ken Raeburn wrote:
> On Sep 17, 2008, at 20:04, Will Fiveash wrote:
> > - No reverse DNS lookup in krb5_sname_to_principal()
>
> *sigh*
>
> This will be a behavioral change. We should also not be doing the DNS
> lookup to canonicalize the name in the first place, but fixing that
> requires other support (having the KDC recognize aliases, etc); that
> will also be a behavioral change. I think we've been maintaining the
> status quo until we can inflict just one massive change on the end
> sites instead of two.
I've a plan. We should discuss this.
For me the krb5_sname_to_principal() issues are extremely annoying, and
I'd be tempted to request that they be given higher priority, except
that it's been so broken for so long that a few years more might not
hurt. OK, I'm kidding about "years."
Nico
--
More information about the krbdev
mailing list