Combined DES salt and Keytab cleanup patch

Andrew Bartlett abartlet at
Wed Jul 12 01:56:58 GMT 2006

On Tue, 2006-07-11 at 13:34 -0500, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Gerald (Jerry) Carter wrote:
> > Here's the combined DES salting and Keytab cleanup.  It's
> > hard to separate the patches since they both touch the same
> > area.
> > 
> > Major points of interest:
> > 
> > * Figure the DES salt based on the domain functional level
> >   and UPN (if present and applicable)
> > * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
> >   keys
> > * Remove all the case permutations in the keytab entry
> >   generation (to be partially re-added only if necessary).

The problem is that when a different application uses our keytab, they
need to find entries by any name that the client may use.  This includes
various case combinations.

Really, the keytab reading code should be case insensitive, but that
changes the kerberos libs...

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list