[PATCH] Improve krb5 KDC tests, kdc behaviour
abartlet at samba.org
Sun Feb 8 17:56:34 MST 2015
On Tue, 2015-02-03 at 13:45 +0100, Andreas Schneider wrote:
> We have found the issue. It is in the client code and not in the KDC.
> See the attached patch.
> -- andreas
> Subject: [PATCH] krb5-wrap: Use the principal returned by the KDC to
> the ccache
> We request a TGT in uppercase from the KDC. We turned on
> canonicalization for that so the KDC returns the principal in
> cause of this. As we use the uppercase prinicpal to create the ccache
> fail to find the tickets we need later because it is stored in the
> incorrect case. You have to use the princial returned by the KDC here.
This all seems reasonable, except that I can't see where we set
canonicalization on. Is that only in your patch series? If not this
difference in the MIT vs Heimdal default behaviour may expose other
issues in other places, or there may still be more to it.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical