Combined DES salt and Keytab cleanup patch

Gerald (Jerry) Carter jerry at
Wed Jul 12 10:53:39 GMT 2006

Hash: SHA1

Dave Daugherty wrote:
> Gerald (Jerry) Carter Sent: Tuesday, July 11, 2006 7:04 PM
> Andrew Bartlett wrote:
>>> The problem is that when a different application 
>>> uses our keytab, they need to find entries by any
>>> name that the client may use.  This includes various
>>> case combinations.
>>> Really, the keytab reading code should be case 
>>> insensitive, but that changes the kerberos libs...
>> Yup.  I've read all of the threads on this and I want
>> a concrete examples that fail.  This is one I have to
>> see to believe after having following so much of the
>> krb5 code that added for this or some other reason
>> and is currently not even executed.  Show me and I'll
>> add things back in one at a time.
> As I think I mentioned before (and you probably remember 
> since you are a smart guy) our test case is the MIT
> kerberized telnet client that only does DES.  When I
> was banging around in this rabbit hole, and I did not
> populate DES keys in keytab - kerberized MIT telnet 
> did not work.  This is not the same as "case
> sensitivity" but it's a real application for you to
> test with.

Yup.  I remember. And it was the first one I tested with.
Works fine for me.  Right now I'm working with mod_auth_kerb
for more tests. I also have OpenSSH working and will
toy with OpenLDAP later today.

cheers, jerry
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE -


More information about the samba-technical mailing list