Preliminary discussion: DB alias entries

Luke Howard lukeh at
Fri Mar 13 09:37:26 EDT 2009

> I meant to ask about this for some time, but always postponed to  
> gather
> some more info before asking :/
> I tested a while back if renaming users (changing krbPrincipalName via
> ldapmodify) would work, and it didn't (I had to reset the secret as  
> well
> every time). I assume the fix you did would also resolve this issue,  
> it
> would be very cool.

Right, it should work; the salt should be stored with the key,  
independently of the principal name, and if necessary returned to the  
client in an ETYPE-INFO[2]. Things are a little more complicated for  
service principals, but hopefully their names are less likely to change.

-- Luke

More information about the krbdev mailing list