Preliminary discussion: DB alias entries

Simo Sorce ssorce at
Fri Mar 13 08:58:32 EDT 2009

On Thu, 2009-03-12 at 23:21 -0400, Greg Hudson wrote:

> * I discovered that our client side support for aliases didn't work in
> cases where the client derives the salt from the client principal name.
> I've committed a fix for the simple case (no preauth); Sam thinks
> further changes are probably necessary for some preauth cases but hopes
> to learn more about what those changes are at the interop event.

I meant to ask about this for some time, but always postponed to gather
some more info before asking :/
I tested a while back if renaming users (changing krbPrincipalName via
ldapmodify) would work, and it didn't (I had to reset the secret as well
every time). I assume the fix you did would also resolve this issue, it
would be very cool.


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list