> > Well, actually auth2 wanted a token for host/HOSTNAME.DOMAIN_at_KRB5REALM, but 
> > clog supplied one for host/HOSTNAME.domain_at_KRB5REALM - this was 
> > debugging-output I created in get_principal right after krb_canonicalize_host 
> > - and I don't think this hostname is changed anymore!? The point might be, 
> > that clog already supplied the fqdn, so krb_canonicalize_host left it 
> > unchanged, wheres auth2 simply supplies NULL here!

> IVAN, HELP!!! Can the patch that is attached to Michael's bug report
> break anything?
> 
>     http://www.coda.cs.cmu.edu/rt2/Ticket/Display.html?id=864

:) glad to be useful.

that should not break much - except for forcing "uppercase" principals,
i.e. in general it is not compatible with existing setups...
should be no problem for new ones.

Anyway, the _code_ that the patch tries to fix is basically very wrong.
There should be _no_ hostname used for the auth service principal,
we were just inventing a problem.
I do not think either that the code is worth improving.
I'd rather like to replace it with the experimental new modular one.

I guess the prolem the patch fixes is triggered by hosts lookups returning
uppercase hostnames. In that case the patch can be used as a nice workaround.

My 2 oere...
--
Ivan