[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Case insensitive names

To: Andrew Bartlett <abartlet@samba.org>
Subject: Re: Case insensitive names
From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 14 Sep 2005 18:08:04 -0400
Cc: Jeffrey Hutzelman <jhutz@CMU.EDU>, Ken Raeburn <raeburn@mit.edu>, Jeffrey Altman <jaltman@mit.edu>, heimdal-discuss@sics.se, krbdev@mit.edu
In-Reply-To: <1126651724.9663.113.camel@localhost.localdomain> (AndrewBartlett's message of "Wed, 14 Sep 2005 08:48:44 +1000")
References: <1126309828.5848.313.camel@amy.flyaway.abartlet.net><43222A05.4050607@mit.edu><1126313407.5848.328.camel@amy.flyaway.abartlet.net><43223044.8070309@mit.edu><1126314891.5848.339.camel@amy.flyaway.abartlet.net><tslzmqi144n.fsf@cz.mit.edu><AA56ECD21DF9509BD96A46A5@sirius.fac.cs.cmu.edu><20050912212441.GI26790@binky.Central.Sun.COM><tsl4q8okd42.fsf@cz.mit.edu><1126651724.9663.113.camel@localhost.localdomain>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

>>>>> "Andrew" == Andrew Bartlett <abartlet@samba.org> writes:

    Andrew> On Tue, 2005-09-13 at 14:59 -0400, Sam Hartman wrote:
    >> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com>
    >> writes:
    >> 
    Nicolas> The proposed set/change password version 2 protocol deals
    Nicolas> with principal aliasing...
    >> 
    >> 
    >> It requires that the KDC be able to enumerate all the
    >> principals that a particular service can be known as.  That is
    >> not compatible with case insensitive keytabs in an
    >> interoperable manner.

    Andrew> I don't get this.  If the KDC knows that it is case
    Andrew> insensitve, then why can't it just include an extra
    Andrew> boolean to the effect of 'and all case variations of the
    Andrew> above'?  The set/change password isn't RFC yet, right?
    Andrew> And why can't we have a similar flag in a keytab entry?

The internationalization issues associated with doing this would
probably be annoying to deal with.  The saslprep stringprep profile is
not case-folding, so no, it would not be clear what to do for
extensions if this boolean was set.

But yes, someone could do the necessary work to standardize behavior
for that case and propose adding such a feature.  So far, I don't know
of anyone who plans to do that work.  I agree it would be desirable if
that happened.

--Sam

References:
- Turning off hostname canonicalisation
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: Turning off hostname canonicalisation
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: Turning off hostname canonicalisation
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: Turning off hostname canonicalisation
  - From: Sam Hartman <hartmans@mit.edu>
- Re: Turning off hostname canonicalisation
  - From: Sam Hartman <hartmans@mit.edu>
- Case insensitive names (was Re: Turning off hostnamecanonicalisation)
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: Re: [SAMBA4][PATCH] Provide a hook for Samba4 intogsskrb5_init_context
Next by Date: krb5_verify_user_opt failed
Prev by thread: Case insensitive names (was Re: Turning off hostnamecanonicalisation)
Next by thread: Re: Turning off hostname canonicalisation
Index(es):
- Date
- Thread