Proposed Behavior change: don't fail when krb5_sname_to_principal cannot canonicalize input

Simo Sorce simo at
Fri Oct 14 14:47:01 EDT 2011

On Fri, 2011-10-14 at 10:04 -0400, Sam Hartman wrote:
> I'd like to propose that if krb5_sname_to_principal fails to look
> something up in dns, it assume it's canonical form.  There are a
> number
> of cases where you might want a principal event though you cannot
> connect to the host. For example you might be checking a principal
> with
> kvno -S. You might be dealing with an acceptor principal even though
> your dns is down.
> This does change the error people will get but I think it improves
> things and helps people who don't need to depend on DNS introduce
> unneeded DNS dependencies.
+1 would help a lot on flaky networks.


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list