svn commit: samba r10021 - in branches/SAMBA_4_0/source/auth/kerberos: .

[abartlet at samba.org]

Author: abartlet
Date: 2005-09-04 06:19:57 +0000 (Sun, 04 Sep 2005)
New Revision: 10021

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10021

Log:
More kerberos notes.

Modified:
   branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt


Changeset:
Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt
===================================================================
--- branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt	2005-09-04 02:09:32 UTC (rev 10020)
+++ branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt	2005-09-04 06:19:57 UTC (rev 10021)
@@ -229,8 +229,9 @@
 
  - DCE_STYLE
 
- - gsskrb5_get_initiator_subkey() (return the opposite key to what the
-   lucid context and get_subkey() calls return).
+ - gsskrb5_get_initiator_subkey() (return the exact key that Samba3
+   has always asked for.  gsskrb5_get_subkey() might do what we need
+   anyway)
 
  - gsskrb5_get_authz_data()
 
@@ -281,13 +282,29 @@
 keytab was devised.  MEMORY_WILDCARD: is much like MEMORY:, except it
 only matches on kvno, rather than on the principal name.
 
+Another way of handling this amy be to declare "" as a wildcard name,
+or perhaps allow principal names to be fnmatch() or regex expressions.
+
+Hmm, looking over the code again, I'm really not sure we need this...
+We should be able to just specify the same principal as a desired name
+(GSSAPI) and principal (keytab).
+
 Extra Heimdal functions used
 ----------------------------
 (an attempt to list some of the Heimdal-specific functions I know we use)
 
-krb5_make_principal()
 krb5_free_keyblock_contents()
 
+also a raft of prinicpal manipulation functions:
+
+Prncipal Manipulation
+---------------------
+
+Samba makes extensive use of the principal manipulation functions in
+Heimdal, including the known structure behind krb_principal and
+krb5_realm (a char *).
+
+
 KDC Extensions
 --------------