Combined DES salt and Keytab cleanup patch

Dave Daugherty dave.daugherty at centrify.com
Wed Jul 12 03:59:39 GMT 2006


Gerald (Jerry) Carter Sent: Tuesday, July 11, 2006 7:04 PM


Andrew Bartlett wrote:
> > 
> > The problem is that when a different application 
> > uses our keytab, they need to find entries by any
> > name that the client may use.  This includes various
> > case combinations.
> > 
> > Really, the keytab reading code should be case 
> > insensitive, but that changes the kerberos libs...

> Yup.  I've read all of the threads on this and I want
> a concrete examples that fail.  This is one I have to
> see to believe after having following so much of the
> krb5 code that added for this or some other reason
> and is currently not even executed.  Show me and I'll
> add things back in one at a time.



> jerry

As I think I mentioned before (and you probably remember since you are a
smart guy) our test case is the MIT kerberized telnet client that only
does DES.  When I was banging around in this rabbit hole, and I did not
populate DES keys in keytab - kerberized MIT telnet did not work.  This
is not the same as "case sensitivity" but it's a real application for
you to test with.

Dave Daugherty



More information about the samba-technical mailing list