Catching more principals in ads_keytab_verify_ticket()
Jeremy Allison
jra at samba.org
Sun Feb 27 02:32:26 GMT 2005
On Sun, Feb 27, 2005 at 02:04:09AM +0000, Michael Brown wrote:
> On Sat, 26 Feb 2005, Doug VanLeuven wrote:
> > Since that section of code went in, the noise level has gone to almost
> > zero. There's no telling, really, which variations do the trick for all
> > environments. When I mentioned I thought it wouldn't hurt to add a
> > variation to cover your discovery I had in mind something more like the
> > following. This adds two entries to the keytab and the verify routines.
>
> Yes; your patch solves this particular instance of the problem. However,
> it still doesn't cover all potential case combinations, which mine does.
>
> It seems as though MS aren't particularly careful about the case they use
> when obtaining tickets (see e.g. Q281401). Adding extra principals to the
> KDC and keytab for each server once you've discovered which ones you need
> is trivial compared to patching Samba to add Yet Another Case Variation
> and rolling out the patched smbd; I think it's therefore better for Samba
> to cope with all potential case combinations out of the box.
>
> What do you think?
I'm not going to add either patch until you huys have both
agreed. When you do - re-mail me the patch you want going in
and I'll look at that.
The kerberos keytab stuff is complex enough that the last
thing I want to see is "warring patches" that fix different
things for different people.
Jeremy.
More information about the samba-technical
mailing list