Salt for aliases

Sam Hartman hartmans at MIT.EDU
Tue Apr 14 12:22:12 EDT 2009

We had hoped to test salting of aliases and some canonicalization issues at the interop event.

Unfortunately, that testing never happened.

I suspect that if you use aliasing for user name aliases that you
really want to have the KDC return a specific salt string in the
etype_info2 based on the canonical principal name.

This is out of scope of anything I'm currently working on and I would
not count on me for having time to deal.


More information about the krbdev mailing list