[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Case insensitive names
>>>>> "Andrew" == Andrew Bartlett <firstname.lastname@example.org> writes:
Andrew> On Tue, 2005-09-13 at 14:59 -0400, Sam Hartman wrote:
>> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com>
Nicolas> The proposed set/change password version 2 protocol deals
Nicolas> with principal aliasing...
>> It requires that the KDC be able to enumerate all the
>> principals that a particular service can be known as. That is
>> not compatible with case insensitive keytabs in an
>> interoperable manner.
Andrew> I don't get this. If the KDC knows that it is case
Andrew> insensitve, then why can't it just include an extra
Andrew> boolean to the effect of 'and all case variations of the
Andrew> above'? The set/change password isn't RFC yet, right?
Andrew> And why can't we have a similar flag in a keytab entry?
The internationalization issues associated with doing this would
probably be annoying to deal with. The saslprep stringprep profile is
not case-folding, so no, it would not be clear what to do for
extensions if this boolean was set.
But yes, someone could do the necessary work to standardize behavior
for that case and propose adding such a feature. So far, I don't know
of anyone who plans to do that work. I agree it would be desirable if