[Samba] Kerberos Keytab Code Update in 3.0.23
Gerald (Jerry) Carter
jerry at samba.org
Thu Jul 13 17:47:15 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Doug,
> File a bug report if you believe this to be true. I'm
> not at 3.0.23 right now and don't have the time to try it
> here. I wouldn't want to lose this. I did see a mention
> they dropped support of joins from machines where
> the domain differs from the realm, but haven't had
> time to check this. There has been a rewrite of the
> ads join code since 3.0.22.
Doug,
You should probably review my comments to Scott. Keytab
support is being rewritten, not dropped.
> Just that windows doesn't guarantee case in names.
>
> For example, on my login, the current tickets show up as
> HOST/foo at BAR.COM
> host/foo.bar.com at BAR.COM
> HOST/FOO1 at BAR.COM
> HOST/FOO1.bar.com at BAR.COM
Your tickets where? From kerbtray.exe? Or on a Unix box?
I just an not seeing this case permutation you claim.
What is the list of SPNs for that Samba account in AD?
Can you tell what applications are generating these requests
so I can reproduce it?
PS: I asked out Apache guy (at Centeris) who is working
with mod_auth_kerb and he claims that krb5 authentication
to http://SerVer.ExaMple.COM still gets a ticket for
HTTP/server.example.com which supports my theory about
tickets based on SPN values.
chers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEtocjIR7qMdg1EfYRAmaeAJ9GtQm5jl3Tu6cnCrYMzUXYvYBOzwCguqEu
3SzBl9P3VkVi/P2rxzUMn58=
=zrFO
-----END PGP SIGNATURE-----
More information about the samba
mailing list