Combined DES salt and Keytab cleanup patch
Gerald (Jerry) Carter
jerry at samba.org
Wed Jul 12 10:53:39 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dave Daugherty wrote:
> Gerald (Jerry) Carter Sent: Tuesday, July 11, 2006 7:04 PM
> Andrew Bartlett wrote:
>>> The problem is that when a different application
>>> uses our keytab, they need to find entries by any
>>> name that the client may use. This includes various
>>> case combinations.
>>>
>>> Really, the keytab reading code should be case
>>> insensitive, but that changes the kerberos libs...
>
>> Yup. I've read all of the threads on this and I want
>> a concrete examples that fail. This is one I have to
>> see to believe after having following so much of the
>> krb5 code that added for this or some other reason
>> and is currently not even executed. Show me and I'll
>> add things back in one at a time.
...
> As I think I mentioned before (and you probably remember
> since you are a smart guy) our test case is the MIT
> kerberized telnet client that only does DES. When I
> was banging around in this rabbit hole, and I did not
> populate DES keys in keytab - kerberized MIT telnet
> did not work. This is not the same as "case
> sensitivity" but it's a real application for you to
> test with.
Yup. I remember. And it was the first one I tested with.
Works fine for me. Right now I'm working with mod_auth_kerb
for more tests. I also have OpenSSH working and will
toy with OpenLDAP later today.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEtNSzIR7qMdg1EfYRAkRxAJsH6N+AACwcZ/ODbrMWpcUFFw84WACdGxqi
rn7wc1qGVpTEC6GPrkVvQk4=
=DHhh
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list