Preliminary discussion: DB alias entries
lukeh at padl.com
Fri Mar 13 18:06:54 EDT 2009
> Luke> Right, it should work; the salt should be stored with the
> Luke> key, independently of the principal name, and if necessary
> Luke> returned to the client in an ETYPE-INFO. Things are a
> Luke> little more complicated for service principals, but
> Luke> hopefully their names are less likely to change.
> Our code doesn't store salts like that.
> kadmind could be changed to do so.
Ah, OK. So, I was thinking of the Novell backend.
More information about the krbdev