Catching more principals in ads_keytab_verify_ticket()
Michael Brown
mbrown at fensystems.co.uk
Sun Feb 27 02:04:09 GMT 2005
On Sat, 26 Feb 2005, Doug VanLeuven wrote:
> Since that section of code went in, the noise level has gone to almost
> zero. There's no telling, really, which variations do the trick for all
> environments. When I mentioned I thought it wouldn't hurt to add a
> variation to cover your discovery I had in mind something more like the
> following. This adds two entries to the keytab and the verify routines.
Yes; your patch solves this particular instance of the problem. However,
it still doesn't cover all potential case combinations, which mine does.
It seems as though MS aren't particularly careful about the case they use
when obtaining tickets (see e.g. Q281401). Adding extra principals to the
KDC and keytab for each server once you've discovered which ones you need
is trivial compared to patching Samba to add Yet Another Case Variation
and rolling out the patched smbd; I think it's therefore better for Samba
to cope with all potential case combinations out of the box.
What do you think?
Michael
More information about the samba-technical
mailing list