[kerberos-discuss] thoughts/issues making MIT krb code fit for drop-in to Solaris

Nicolas Williams Nicolas.Williams at sun.com
Fri Sep 19 11:10:16 EDT 2008

On Fri, Sep 19, 2008 at 12:53:13AM -0400, Ken Raeburn wrote:
> On Sep 17, 2008, at 20:04, Will Fiveash wrote:
> > - No reverse DNS lookup in krb5_sname_to_principal()
> *sigh*
> This will be a behavioral change.  We should also not be doing the DNS  
> lookup to canonicalize the name in the first place, but fixing that  
> requires other support (having the KDC recognize aliases, etc); that  
> will also be a behavioral change.  I think we've been maintaining the  
> status quo until we can inflict just one massive change on the end  
> sites instead of two.

I've a plan.  We should discuss this.

For me the krb5_sname_to_principal() issues are extremely annoying, and
I'd be tempted to request that they be given higher priority, except
that it's been so broken for so long that a few years more might not
hurt.  OK, I'm kidding about "years."


More information about the krbdev mailing list