svn commit: samba r10021 - in
branches/SAMBA_4_0/source/auth/kerberos: .
abartlet at samba.org
abartlet at samba.org
Sun Sep 4 06:19:58 GMT 2005
Author: abartlet
Date: 2005-09-04 06:19:57 +0000 (Sun, 04 Sep 2005)
New Revision: 10021
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10021
Log:
More kerberos notes.
Modified:
branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt
Changeset:
Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt
===================================================================
--- branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt 2005-09-04 02:09:32 UTC (rev 10020)
+++ branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt 2005-09-04 06:19:57 UTC (rev 10021)
@@ -229,8 +229,9 @@
- DCE_STYLE
- - gsskrb5_get_initiator_subkey() (return the opposite key to what the
- lucid context and get_subkey() calls return).
+ - gsskrb5_get_initiator_subkey() (return the exact key that Samba3
+ has always asked for. gsskrb5_get_subkey() might do what we need
+ anyway)
- gsskrb5_get_authz_data()
@@ -281,13 +282,29 @@
keytab was devised. MEMORY_WILDCARD: is much like MEMORY:, except it
only matches on kvno, rather than on the principal name.
+Another way of handling this amy be to declare "" as a wildcard name,
+or perhaps allow principal names to be fnmatch() or regex expressions.
+
+Hmm, looking over the code again, I'm really not sure we need this...
+We should be able to just specify the same principal as a desired name
+(GSSAPI) and principal (keytab).
+
Extra Heimdal functions used
----------------------------
(an attempt to list some of the Heimdal-specific functions I know we use)
-krb5_make_principal()
krb5_free_keyblock_contents()
+also a raft of prinicpal manipulation functions:
+
+Prncipal Manipulation
+---------------------
+
+Samba makes extensive use of the principal manipulation functions in
+Heimdal, including the known structure behind krb_principal and
+krb5_realm (a char *).
+
+
KDC Extensions
--------------
More information about the samba-cvs
mailing list