[kerberos-discuss] thoughts/issues making MIT krb code fit for drop-in to Solaris

Love Hörnquist Åstrand lha at kth.se
Fri Sep 19 11:30:21 EDT 2008

19 sep 2008 kl. 17.10 skrev Nicolas Williams:

> On Fri, Sep 19, 2008 at 12:53:13AM -0400, Ken Raeburn wrote:
>> On Sep 17, 2008, at 20:04, Will Fiveash wrote:
>>> - No reverse DNS lookup in krb5_sname_to_principal()
>> *sigh*
>> This will be a behavioral change.  We should also not be doing the  
>> DNS
>> lookup to canonicalize the name in the first place, but fixing that
>> requires other support (having the KDC recognize aliases, etc); that
>> will also be a behavioral change.  I think we've been maintaining the
>> status quo until we can inflict just one massive change on the end
>> sites instead of two.
> I've a plan.  We should discuss this.

We should.


> For me the krb5_sname_to_principal() issues are extremely annoying,  
> and
> I'd be tempted to request that they be given higher priority, except
> that it's been so broken for so long that a few years more might not
> hurt.  OK, I'm kidding about "years."

It must be fixed now, not later.


More information about the krbdev mailing list