[29722] in Kerberos
Re: Is it necessary to assign hostname to slave KDC in small letters
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Wed Apr 23 11:58:58 2008
From: Ken Raeburn <raeburn@MIT.EDU>
To: Juri Dakua <jdakua@TechMahindra.com>
In-Reply-To: <D383D90C-31CE-487A-928B-85D6D829E2CE@mit.edu>
Message-Id: <6EFB7D10-F687-455B-BD30-57991E0B01C9@mit.edu>
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Wed, 23 Apr 2008 11:56:10 -0400
Cc: Kerberos mailing list list <kerberos@MIT.EDU>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
On Apr 23, 2008, at 11:26, Ken Raeburn wrote:
> DNS is not case-sensitive. Kerberos requires a single, fixed binary
> encoding of a name -- that is, the spelling of the name is case-
> sensitive. The Kerberos library will take the name supplied and
> convert it to lowercase. So you can tell your host its name in
> whatever case you want, and you can enter it into DNS using whatever
> case you want (the two need not match), but the Kerberos service
> principal names must use the lowercase form (and, obviously, need
> not match the other two).
I've been reminded privately that there may be cases where other
implementations don't always behave this way. The *MIT*
implementation does follow the RFC spec in this, and will always use
lowercase host names.
There are also cases having to do with new specifications in the works
where, depending on a site's configuration, getting the case exactly
correct may be less critical. Again, at the moment, that doesn't
really affect the MIT implementation.
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
