Ideas on the kerberos issues with 3.0.6

Luke Howard lukeh at PADL.COM
Thu Sep 9 14:22:16 GMT 2004

>In our case, we only check (in the session setup kerberos_verify.c code)
>HOST/  My vauge understanding of
>kerberos tells me that this will work for the 'unsalted' encryption
>types (type 23) but not for the older, salted types, which would line up
>with the bugs suffered by those with krb5 1.2.

My understanding is that the canonical principal name is (e.g.
W2003FINAL$) is used for salting.

-- Luke

More information about the samba-technical mailing list