[23903] in Kerberos
Re: host name canonicalization
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon May 16 14:51:29 2005
To: "Frank Balluffi" <frank.balluffi@db.com>
From: Sam Hartman <hartmans@mit.edu>
Date: Mon, 16 May 2005 14:45:21 -0400
In-Reply-To:
<OFD8FA6957.1E1AD2A8-ON85257003.006229A3-85257003.0063DA94@db.com> (Frank
Balluffi's message of "Mon, 16 May 2005 14:06:53 -0400")
Message-ID: <tslzmuv57su.fsf@cz.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
>>>>> "Frank" == Frank Balluffi <frank.balluffi@db.com> writes:
Frank> It is my understanding that version 1.3.1 of MIT
Frank> gss_import_name canonicalizes host names using DNS. Does
Frank> the latest version of MIT GSSAPI canonicalize host names?
Frank> Is it possible to configure this behavior?
Yes it does and no it is not, although an option to configure this
behavior has been added and will appear by the 1.5 release.
Frank> Microsoft supports the KDC option NAME_CANONICALIZE (15) --
Frank> see
Frank> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/4a1daa3e-b45c-44ea-a0b6-fe8910f92f28.mspx.
Frank> Does this mean host name canonicalization on the KDC?
no. It has to do with user name canonicalization.
Frank> Does
Frank> MIT support KDC option 15?
not at this time.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
