Combined DES salt and Keytab cleanup patch

Love Hörnquist Åstrand lha at kth.se
Thu Jul 13 18:45:04 GMT 2006


Jerry,

> I agree. It's horrible, but it's the world we live in.
> We can probably do a better job though.  I'm still working
> on more cleanups.

I'm not horrified, I just don't know how to solve the problem.

> I'm wondering if the name is always canonicalized by the
> AD KDC based on the matching SPN.

The KDC hands back whatever the client asks for, including weird
casing, and it's up to the server to do the matching.

So, if you know what matching rules the MS KDC uses, then the servers need
to use the same. Since the data is backed by LDAP, I assume LDAP rules
match the UPN/SPN.

Another solution is to add a catch-all keytab entry that will match all
entries.

Love
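
The name-matching problem and the catch-all fallback discussed in the message above, as an added example that is not part of the original message and is not Samba, Heimdal or MIT code. `struct kt_entry`, `kt_find`, the `"*"` catch-all marker and the rule "fold case on the service/host part, compare the realm exactly" are assumptions made for illustration; the sample keytab and ticket name are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Hypothetical keytab entry; not a Samba, Heimdal or MIT type. */
struct kt_entry { const char *principal; int kvno; };
enum match_mode { MATCH_EXACT, MATCH_CASEFOLD };

/* Constructed sample keytab; "*" is this example's catch-all marker. */
static const struct kt_entry sample_keytab[] = {
    { "host/fileserver.example.com@EXAMPLE.COM", 3 },
    { "cifs/fileserver.example.com@EXAMPLE.COM", 3 },
    { "*", 3 },
};

/* Assumed rule: service/host part compares case-insensitively, realm exactly. */
static int princ_equal(const char *a, const char *b, enum match_mode mode)
{
    const char *ra = strrchr(a, '@'), *rb = strrchr(b, '@');
    if (mode == MATCH_EXACT || !ra || !rb)
        return strcmp(a, b) == 0;
    return (ra - a) == (rb - b) &&
           strncasecmp(a, b, (size_t)(ra - a)) == 0 && strcmp(ra, rb) == 0;
}

/* Index of the entry to try for a ticket's server name and kvno, or -1. */
int kt_find(const struct kt_entry *kt, size_t n, const char *sname, int kvno,
            enum match_mode mode)
{
    int fallback = -1;                       /* first catch-all seen, if any */
    for (size_t i = 0; i < n; i++) {
        if (kt[i].kvno != kvno)
            continue;
        if (strcmp(kt[i].principal, "*") == 0)
            fallback = (fallback < 0) ? (int)i : fallback;
        else if (princ_equal(kt[i].principal, sname, mode))
            return (int)i;                   /* a named entry wins */
    }
    return fallback;
}

int main(void)
{
    const char *s = "HOST/FileServer.Example.COM@EXAMPLE.COM"; /* constructed */
    printf("%d %d %d\n", kt_find(sample_keytab, 2, s, 3, MATCH_EXACT),
           kt_find(sample_keytab, 2, s, 3, MATCH_CASEFOLD),
           kt_find(sample_keytab, 3, s, 3, MATCH_EXACT)); /* -1 0 2 */
    return 0;
}
```

With a catch-all entry the server stops checking the name in the ticket at all, so acceptance rests only on the ticket decrypting under that entry's key.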
