Salt for aliases
hartmans at MIT.EDU
Tue Apr 14 12:22:12 EDT 2009
We had hoped to test salting of aliases and some canonicalization issues at the interop event.
Unfortunately, that testing never happened.
I suspect that if you use aliasing for user name aliases that you
really want to have the KDC return a specific salt string in the
etype_info2 based on the canonical principal name.
This is out of scope of anything I'm currently working on and I would
not count on me for having time to deal.
More information about the krbdev