Preliminary discussion: DB alias entries

Ken Raeburn raeburn at MIT.EDU
Wed Mar 11 14:15:49 EDT 2009

On Mar 11, 2009, at 13:54, Sam Hartman wrote:
> You also want to canonicalize the name when a service principal gets
> tickets as a client.

We may also need to do service-name canonicalization of user  
principals in some u2u cases -- if not changing the actual name in the  
credentials, at least being able to look up or verify an alias.  (My  
usual example is "alice" and "bob" talk in the lunch room and decide  
to exchange files over some p2p system with u2u authentication, but  
since those are the enterprise names they type in at login time, and  
the names they've exchanged at lunch, and the names they'll be typing  
in or looking for, the "real" NT-UID principal names  
"3F2504E0-4F89-11D3-9A0C-0305E82C3301" and  
"2f1e4fc0-81fd-11da-9156-00036a0f876a" won't mean anything to either  
of them.)

More information about the krbdev mailing list