Preliminary discussion: DB alias entries
Simo Sorce
ssorce at redhat.com
Fri Mar 13 09:45:00 EDT 2009
On Sat, 2009-03-14 at 00:37 +1100, Luke Howard wrote:
> > I meant to ask about this for some time, but always postponed to gather
> > some more info before asking :/
> > I tested a while back if renaming users (changing krbPrincipalName via
> > ldapmodify) would work, and it didn't (I had to reset the secret as well
> > every time). I assume the fix you did would also resolve this issue, it
> > would be very cool.
>
> Right, it should work; the salt should be stored with the key,
> independently of the principal name, and if necessary returned to the
> client in an ETYPE-INFO[2]. Things are a little more complicated for
> service principals, but hopefully their names are less likely to change.
Yes,
I initially tried making the salt always random, but that obviously
didn't work. If the libs are fixed to accept a random salt with all
enctypes, that would also be nice.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
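
Added example (not part of the original message or of the krb5 code base): a small model of why a rename forces a secret reset when the salt is recomputed from the principal name, and why storing the salt with the key and advertising it in ETYPE-INFO2 avoids that. The principal names, the password and the KdcEntry class are constructed for illustration, and only the PBKDF2 stage of the RFC 3962 AES string-to-key is computed (the final DK step is omitted).

```python
import hashlib

ITERATIONS = 4096  # RFC 3962 default iteration count


def default_salt(principal: str) -> bytes:
    """RFC 4120 default salt: realm followed by the name components, no separators."""
    name, realm = principal.rsplit("@", 1)
    return (realm + "".join(name.split("/"))).encode()


def pbkdf2_stage(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 string-to-key (DK step omitted)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, ITERATIONS, 32)


class KdcEntry:
    """Constructed model of a database entry: key material plus, optionally, its salt."""

    def __init__(self, principal, password, store_salt):
        salt = default_salt(principal)
        self.principal = principal
        self.key = pbkdf2_stage(password, salt)
        self.stored_salt = salt if store_salt else None

    def rename(self, new_principal):
        self.principal = new_principal  # key material is not touched

    def etype_info2_salt(self):
        # Salt the client ends up using: the stored one if present,
        # otherwise the default salt for the current (renamed) principal.
        if self.stored_salt is not None:
            return self.stored_salt
        return default_salt(self.principal)


def client_can_authenticate(entry, password):
    """True if the key derived from the advertised salt matches the stored key."""
    return pbkdf2_stage(password, entry.etype_info2_salt()) == entry.key


def rename_survives(store_salt):
    entry = KdcEntry("alice@EXAMPLE.COM", "correct horse", store_salt)
    entry.rename("alice.smith@EXAMPLE.COM")
    return client_can_authenticate(entry, "correct horse")


if __name__ == "__main__":
    print("salt recomputed from name:", rename_survives(False))
    print("salt stored with key:     ", rename_survives(True))
```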