Preliminary discussion: DB alias entries
Ken Raeburn
raeburn at MIT.EDU
Wed Mar 11 14:15:49 EDT 2009
On Mar 11, 2009, at 13:54, Sam Hartman wrote:
> You also want to canonicalize the name when a service principal gets
> tickets as a client.
We may also need to do service-name canonicalization of user
principals in some u2u cases -- if not changing the actual name in the
credentials, at least being able to look up or verify an alias. (My
usual example is "alice" and "bob" talk in the lunch room and decide
to exchange files over some p2p system with u2u authentication, but
since those are the enterprise names they type in at login time, and
the names they've exchanged at lunch, and the names they'll be typing
in or looking for, the "real" NT-UID principal names
"3F2504E0-4F89-11D3-9A0C-0305E82C3301" and
"2f1e4fc0-81fd-11da-9156-00036a0f876a" won't mean anything to either
of them.)
More information about the krbdev
mailing list