[kerberos-discuss] thoughts/issues making MIT krb code fit for drop-in to Solaris
Love Hörnquist Åstrand
lha at kth.se
Fri Sep 19 11:30:21 EDT 2008
19 sep 2008 kl. 17.10 skrev Nicolas Williams:
> On Fri, Sep 19, 2008 at 12:53:13AM -0400, Ken Raeburn wrote:
>> On Sep 17, 2008, at 20:04, Will Fiveash wrote:
>>> - No reverse DNS lookup in krb5_sname_to_principal()
>>
>> *sigh*
>>
>> This will be a behavioral change. We should also not be doing the
>> DNS
>> lookup to canonicalize the name in the first place, but fixing that
>> requires other support (having the KDC recognize aliases, etc); that
>> will also be a behavioral change. I think we've been maintaining the
>> status quo until we can inflict just one massive change on the end
>> sites instead of two.
>
> I've a plan. We should discuss this.
We should.
http://www.h5l.org/blog/index.php/2008/09/referrals/
> For me the krb5_sname_to_principal() issues are extremely annoying,
> and
> I'd be tempted to request that they be given higher priority, except
> that it's been so broken for so long that a few years more might not
> hurt. OK, I'm kidding about "years."
It must be fixed now, not later.
Love
More information about the krbdev
mailing list