[30849] in Kerberos
Re: Authenticating using lower case domain/realm
daemon@ATHENA.MIT.EDU (Santos)
Tue Mar 10 12:31:01 2009
MIME-Version: 1.0
In-Reply-To: <87r6165flj.fsf@windlord.stanford.edu>
Date: Tue, 10 Mar 2009 16:30:36 +0000
Message-ID: <d2912e600903100930m89abf2p7ea181cdd7f6aae1@mail.gmail.com>
From: Santos <sansancasd@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Does krb5.conf have a setting to have the enterprise name as default? I
tried searching about it, but no success. Anyway, if pam_krb5 doesn't
support this, the cause is lost anyway.
Thank you all for the information.
On Tue, Mar 10, 2009 at 1:30 AM, Russ Allbery <rra@stanford.edu> wrote:
> Luke Howard <lukeh@padl.com> writes:
> > On 10/03/2009, at 3:17 AM, Santos wrote:
>
> >> If i compile MIT kerberos 1.7 on ubuntu 8.10. Will pam_krb5 be able to
> >> use those flags? Does the krb5.conf file have any settings to enable
> >> those settings as default?
>
> > It doesn't but you should be able to easily modify pam_krb5 to call
> > krb5_get_init_creds_opt_set_canonicalize(), and to call
> > krb5_parse_name_flags(KRB5_PRINCIPAL_PARSE_ENTERPRISE) rather than
> > krb5_parse_name(). Of course, this should be made configurable.
>
> Patch welcome from someone who can easily test it. :)
>
> --
> Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/<http://www.eyrie.org/%7Eeagle/>
> >
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
