[PATCH] heimdal fixes for the new keytab code

Gerald (Jerry) Carter jerry at samba.org
Wed Jul 7 19:03:39 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:
| Guenther Deschner wrote:
|
| | * Joining ADS (w2k3 in my case) with current 3_0 svn with
| | security = ads (no unix keytab involved)
| |
| | mthelena:~ # net ads join -U administrator%secret -d0
| | Using short domain name -- W2K3TEST
| | Joined 'MTHELENA' to realm 'W2K3TEST.SERNET.DE'
| |
| | * lets see what principals were created
|
| ....
|
| OK.  So it's the userPincipalName that we have to use
| to get a TGT.  The problem then is the cononicalization
| of the name.  We have to use the servicePrincipalName
| for the keytab and the userPrincipalName for obtaining
| a TGT.  Makes sense I guess.

Guenther,

I check it a change to 3.0 that should resolve the problem
with the LDAP SASL binds.  It fixes the test case you described.
Mind checking to see if there are any other outstanding problems?
I'll look at #1208 next.





cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA7EkLIR7qMdg1EfYRAq/sAJ4mIclCMJaNwlp+ptCjK/iR/igjAQCfaH7h
PaqZtZQPJCAUFX2izejmbOU=
=tkKu
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list