Combined DES salt and Keytab cleanup patch
dave.daugherty at centrify.com
Wed Jul 12 03:59:39 GMT 2006
Gerald (Jerry) Carter Sent: Tuesday, July 11, 2006 7:04 PM
Andrew Bartlett wrote:
> > The problem is that when a different application
> > uses our keytab, they need to find entries by any
> > name that the client may use. This includes various
> > case combinations.
> > Really, the keytab reading code should be case
> > insensitive, but that changes the kerberos libs...
> Yup. I've read all of the threads on this and I want
> a concrete examples that fail. This is one I have to
> see to believe after having following so much of the
> krb5 code that added for this or some other reason
> and is currently not even executed. Show me and I'll
> add things back in one at a time.
As I think I mentioned before (and you probably remember since you are a
smart guy) our test case is the MIT kerberized telnet client that only
does DES. When I was banging around in this rabbit hole, and I did not
populate DES keys in keytab - kerberized MIT telnet did not work. This
is not the same as "case sensitivity" but it's a real application for
you to test with.
More information about the samba-technical