Preliminary discussion: DB alias entries

Simo Sorce ssorce at
Fri Mar 13 09:45:00 EDT 2009

On Sat, 2009-03-14 at 00:37 +1100, Luke Howard wrote:
> > I meant to ask about this for some time, but always postponed to  
> > gather
> > some more info before asking :/
> > I tested a while back if renaming users (changing krbPrincipalName via
> > ldapmodify) would work, and it didn't (I had to reset the secret as  
> > well
> > every time). I assume the fix you did would also resolve this issue,  
> > it
> > would be very cool.
> Right, it should work; the salt should be stored with the key,  
> independently of the principal name, and if necessary returned to the  
> client in an ETYPE-INFO[2]. Things are a little more complicated for  
> service principals, but hopefully their names are less likely to change.

I initially tried making the salt always random, but that obviously
didn't work, if the libs are fixed to accept a random salt with all
enctypes that would be also nice.


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list