Principal naming

Greg Hudson ghudson at MIT.EDU
Sat Apr 11 13:49:19 EDT 2009


Can you be more specific about what real interoperability problems are
cropping up from either principal case sensitivity or from "degenerate"
principals like /@, and how you would like those problems to be
resolved?

krb5 1.7 adds some support for protocol features which would allow a KDC
to treat principals as partially or completely case-insensitive.
Clients and servers are not expected to know the KDC's case-handling
policy; this is achieved by allowing clients to request canonicalization
of client principal names when obtaining initial tickets, and by
allowing servers to match server principals in keytabs by key rather
than by name.  There is no back-end support for case-folding in the
shipped DB2 and LDAP back ends, so that piece remains "a simple matter
of programming" for the moment.
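
The two mechanisms described above, as an added example that is not part of the original message and is not krb5 code: a toy model in which a case-folding KDC canonicalizes a client name on request, and a server finds its keytab entry by key rather than by name. Assumptions: the CaseFoldingKDC class, the principal names and the ticket layout are all constructed, and an HMAC stands in for the integrity check on a ticket's encrypted part.

```python
import hashlib, hmac, os

def seal(key, sname, payload):
    # Toy ticket: HMAC-SHA256 stands in for the encrypted part's integrity check.
    return {"sname": sname, "payload": payload,
            "tag": hmac.new(key, payload, hashlib.sha256).digest()}

def opens_with(key, ticket):
    expect = hmac.new(key, ticket["payload"], hashlib.sha256).digest()
    return hmac.compare_digest(expect, ticket["tag"])

class CaseFoldingKDC:
    """Hypothetical KDC policy: names are looked up case-insensitively."""
    def __init__(self):
        self.db = {}  # casefolded name -> (name as registered, long-term key)

    def add(self, name):
        key = os.urandom(32)
        self.db[name.casefold()] = (name, key)
        return key

    def as_req(self, cname, canonicalize):
        # With canonicalization requested, the reply names the registered form.
        registered, _ = self.db[cname.casefold()]
        return registered if canonicalize else cname

    def tgs_req(self, sname):
        # Assumption of this model: the ticket carries the client's spelling.
        _, key = self.db[sname.casefold()]
        return seal(key, sname, b"constructed ticket contents")

def match_by_name(keytab, ticket):
    key = keytab.get(ticket["sname"])
    return ticket["sname"] if key and opens_with(key, ticket) else None

def match_by_key(keytab, ticket):
    # Try every keytab key; the entry whose key verifies the ticket wins.
    return next((n for n, k in keytab.items() if opens_with(k, ticket)), None)

def demo():
    kdc = CaseFoldingKDC()
    kdc.add("Alice@EXAMPLE.COM")
    names = ["HTTP/www.example.com@EXAMPLE.COM", "host/www.example.com@EXAMPLE.COM"]
    keytab = {n: kdc.add(n) for n in names}
    ticket = kdc.tgs_req("http/WWW.EXAMPLE.COM@EXAMPLE.COM")
    return (kdc.as_req("alice@EXAMPLE.COM", True),
            match_by_name(keytab, ticket), match_by_key(keytab, ticket))

if __name__ == "__main__":
    print(demo())
```

In this model, key-based matching accepts a ticket for any entry present in the keytab, so the keytab's contents decide which names the server answers to.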




