Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by krbdev.mit.edu (8.9.3p2) with ESMTP id UAA24747; Tue, 28 Nov 2006 20:00:43 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id kAT10gJv005113 for ; Tue, 28 Nov 2006 20:00:42 -0500 (EST) Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id kAT10fju024645 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Tue, 28 Nov 2006 20:00:41 -0500 (EST) Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id kAT10ftN002242; Tue, 28 Nov 2006 20:00:41 -0500 (EST) To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #3322] References: From: Tom Yu Date: Tue, 28 Nov 2006 20:00:40 -0500 In-Reply-To: (Tom Yu via's message of "Tue, 3 Jan 2006 16:29:03 -0500 (EST)") Message-Id: Lines: 5 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Scanned-BY: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 324 Following the referrals merge, gc_via_tkt is still a bit too strict about server principal checks. In the non-canonicalization case, it should allow the server principal to differ from the requested server if both are TGS principals and the requested principal has a second component which is not the client's local realm.