(Illustration by Gaich Muramatsu)
> > Well, actually auth2 wanted a token for host/HOSTNAME.DOMAIN_at_KRB5REALM, but > > clog supplied one for host/HOSTNAME.domain_at_KRB5REALM - this was > > debugging-output I created in get_principal right after krb_canonicalize_host > > - and I don't think this hostname is changed anymore!? The point might be, > > that clog already supplied the fqdn, so krb_canonicalize_host left it > > unchanged, wheres auth2 simply supplies NULL here! > IVAN, HELP!!! Can the patch that is attached to Michael's bug report > break anything? > > http://www.coda.cs.cmu.edu/rt2/Ticket/Display.html?id=864 :) glad to be useful. that should not break much - except for forcing "uppercase" principals, i.e. in general it is not compatible with existing setups... should be no problem for new ones. Anyway, the _code_ that the patch tries to fix is basically very wrong. There should be _no_ hostname used for the auth service principal, we were just inventing a problem. I do not think either that the code is worth improving. I'd rather like to replace it with the experimental new modular one. I guess the prolem the patch fixes is triggered by hosts lookups returning uppercase hostnames. In that case the patch can be used as a nice workaround. My 2 oere... -- IvanReceived on 2004-04-06 16:45:13