[PATCH] Don't ucase configured realm

Matthias Dieter Wallnöfer mdw at samba.org
Tue Mar 9 00:10:46 MST 2010 

It's not only this. Sometimes we divide correctly between DNS domainname 
(szRealm_lower) and realm (szRealm_upper) but not always (e.g. we could 
take an upcased DNS domainame as the realm). It is a huge task to review 
and check all occurences of those calls. Plus, since you keep the realm 
case-sensitive that means you are not really standard-AD compatible.

Matthias

Benjamin Coddington wrote:
> In the Samba4 case, is this because it is already broken out into 
> szRealm_upper and szRealm_lower, where szRealm_lower is used as 
> lp_dnsdomain?  Could not the "respect case" case only modify 
> szRealm_upper?  What is the difficult part for Samba 4?
>
> Ben
>
> On 3/8/10 11:55 AM, Matthias Dieter Wallnöfer wrote:
>> Hi Benjamin,
>>
>> SAMBA 3 might accept such a change - we at the SAMBA 4 side for sure not
>> (it would require such an amount of work to change this - nearly
>> undoable). And as Andrew Bartlett stated here: also the "real AD"
>> upcases always the realm.
>>
>> Greets,
>> Matthias
>>
>> Benjamin Coddington wrote:
>>> On 3/4/10 4:38 PM, Andrew Bartlett wrote:
>>>> On Thu, 2010-03-04 at
>>>> 11:45 -0500, Benjamin Coddington wrote:
>>>>> Hi everyone. We are one of the few that need to preserve case in
>>>>> kerberos realm names. The following seems to make sense -
>>>>> administrators ought to use the proper case when configuring a realm
>>>>> name.
>>>>
>>>> Unfortunately, far more administrators don't know the proper case.
>>>> Active Directory forces to upper case, and creates little 
>>>> distinction in
>>>> the administrators minds between lower case dns domains and upper case
>>>> realms. If we were to apply this patch, many existing sites would
>>>> break, while others would have to chase down strange and unusual 
>>>> errors
>>>> like 'reply from KDC does not match expections' trying to make things
>>>> work.
>>>>
>>>> The solution for your use in an MIT realm (I presume) will need
>>>> particular care.
>>>>
>>>> I'm sorry it's not so simple,
>>>>
>>>> Andrew Bartlett
>>>
>>> Would you accept a change to add an option to respect realm case?
>>>
>>> Ben
>>>
>>
>

More information about the samba-technical mailing list