Patch to ignore service principals when accepting connexions.

Simo Sorce ssorce at
Thu Aug 26 08:21:01 EDT 2010

On Wed, 25 Aug 2010 20:48:36 -0400
Sam Hartman <hartmans at MIT.EDU> wrote:

> How far along would a patch that simply made krb5_rd_req not care
> about the second component (hostname) of a principal go to address
> your needs? Do you need cases where the realm mismatches or where the
> application asked for nfs and you really want imap?

I know of at least one case: CIFS file serving. CIFS clients may try to
use one of these 2 names for a host:

foo$@EXAMPLE.COM and cifs/ at EXAMPLE.COM

And I think it is not unheard of to see
host/ at EXAMPLE.COM too; the reason is that in AD each
machine has a truckload of aliases all applied to the same key.


Simo Sorce * Red Hat, Inc * New York
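
Added example (not part of the original message and not MIT krb5 code): a toy Python model of acceptor-side matching that compares strict matching, the quoted proposal to ignore the hostname component, and accepting any principal the keytab holds a key for, run over the kinds of names mentioned in the reply. The hostnames, keytab contents and policy names are constructed assumptions.

```python
from typing import NamedTuple

class Principal(NamedTuple):
    components: tuple
    realm: str

def parse(name: str) -> Principal:
    """Split 'svc/host@REALM' or 'foo$@REALM' into components and realm."""
    local, sep, realm = name.rpartition("@")
    if not sep or not local or not realm:
        raise ValueError(f"not a principal name: {name!r}")
    return Principal(tuple(local.split("/")), realm)

# Constructed sample data: hostnames and keytab contents are assumptions.
KEYTAB = {parse(n) for n in (
    "foo$@EXAMPLE.COM",
    "cifs/foo.example.com@EXAMPLE.COM",
    "cifs/foo@EXAMPLE.COM",
    "host/foo.example.com@EXAMPLE.COM",
)}
REQUESTED = "cifs/foo.example.com@EXAMPLE.COM"  # what the server application asked for
TICKETS = (                                      # server names in incoming tickets
    "cifs/foo.example.com@EXAMPLE.COM",
    "cifs/foo@EXAMPLE.COM",
    "foo$@EXAMPLE.COM",
    "host/foo.example.com@EXAMPLE.COM",
    "cifs/bar.example.com@EXAMPLE.COM",          # no key for this one
)

def accepts(policy: str, requested: str, ticket_sname: str, keytab=KEYTAB) -> bool:
    want, got = parse(requested), parse(ticket_sname)
    if got not in keytab:        # no key: the ticket cannot be decrypted
        return False
    if policy == "strict":       # exact match on the requested principal
        return got == want
    if policy == "ignore_host":  # the quoted proposal: skip the second component
        return got.realm == want.realm and got.components[0] == want.components[0]
    if policy == "any_key":      # accept any principal the keytab has a key for
        return True
    raise ValueError(f"unknown policy: {policy}")

def accepted(policy: str) -> list:
    """Ticket server names from TICKETS that the given policy lets through."""
    return [t for t in TICKETS if accepts(policy, REQUESTED, t)]

if __name__ == "__main__":
    for policy in ("strict", "ignore_host", "any_key"):
        print(f"{policy:12} {accepted(policy)}")
```

Under `any_key` the keytab itself becomes the acceptance policy, so it should hold only the keys this service is meant to answer for.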
