Re: Turning off hostname canonicalisation



>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz@cmu.edu> writes:

    Jeffrey> On Tuesday, September 13, 2005 02:59:41 PM -0400 Sam
    Jeffrey> Hartman
    Jeffrey> <hartmans@mit.edu> wrote:

    >>>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com>
    >>>>>>> writes:
    >>
    Nicolas> The proposed set/change password version 2 protocol deals
    Nicolas> with principal aliasing...
    >> 
    >> 
    >> It requires that the KDC be able to enumerate all the
    >> principals that a particular service can be known as.  That is
    >> not compatible with case insensitive keytabs in an
    >> interoperable manner.

    Jeffrey> You've used that phrase twice now, and I still can't
    Jeffrey> figure out what it means.  What requirement do you see
    Jeffrey> that is not being met?

The issue is that unless I know that both the KDC and the keytab code
are case insensitive, then it will not work interoperably.

I think it is very dangerous to encourage implementations to have
aliasing algorithms beyond what the set/change password spec will
allow because doing so reduces the likelihood that one vendor's code
can be used to replace another vendor's code.