On Fri, 2005-09-09 at 21:00 -0400, Jeffrey Altman wrote: > Andrew Bartlett wrote: > > > How are MIT/Heimdal realms coping with windows clients, which I presume > > don't do such fqdn resolution. Is the concept of servicePrincipalName > > spreading to cope, or are there just multiple principals and keytab > > entries being created? > > Currently, large numbers of principal names and keytab entries are being > created to deal with this issue. Likewise, is there any move to at least allow case insensitivity in principal names or keytab entries? I know the Samba patch to allow this (in the member server, presumably for an AD KDC) is pretty ugly... (We normally join the domain and get a password, so take any incoming name, but for some reason we also have AD sites which refuse to give machine trust accounts to their unix servers, so hand out keytabs). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part