Catching more principals in ads_keytab_verify_ticket()

Jeremy Allison jra at
Sun Feb 27 02:32:26 GMT 2005

On Sun, Feb 27, 2005 at 02:04:09AM +0000, Michael Brown wrote:
> On Sat, 26 Feb 2005, Doug VanLeuven wrote:
> > Since that section of code went in, the noise level has gone to almost
> > zero.  There's no telling, really, which variations do the trick for all
> > environments.  When I mentioned I thought it wouldn't hurt to add a
> > variation to cover your discovery I had in mind something more like the
> > following.  This adds two entries to the keytab and the verify routines.
> Yes; your patch solves this particular instance of the problem.  However, 
> it still doesn't cover all potential case combinations, which mine does.  
> It seems as though MS aren't particularly careful about the case they use
> when obtaining tickets (see e.g. Q281401).  Adding extra principals to the
> KDC and keytab for each server once you've discovered which ones you need
> is trivial compared to patching Samba to add Yet Another Case Variation
> and rolling out the patched smbd; I think it's therefore better for Samba
> to cope with all potential case combinations out of the box.
> What do you think?

I'm not going to add either patch until you huys have both
agreed. When you do - re-mail me the patch you want going in
and I'll look at that.

The kerberos keytab stuff is complex enough that the last
thing I want to see is "warring patches" that fix different
things for different people.


More information about the samba-technical mailing list