Content-Disposition: inline
In-Reply-To: <MDAEMON-F201905232317.AA174457md50000021921@sequoia-grove.secure-endpoints.com>
Content-Type: text/html; charset="utf-8"
Message-ID: <rt-4.4.4-60459-1585635138-1693.8809-0-0@mit.edu>
MIME-Version: 1.0
X-RT-Interface: Web
X-Mailer: MIME-tools 5.507 (Entity 5.507)
References: <MDAEMON-F201905232317.AA174457md50000021921@sequoia-grove.secure-endpoints.com> <RT-Ticket-8809@mit.edu>
X-RT-Original-Encoding: utf-8
Content-Transfer-Encoding: binary
RT-Send-CC:
Content-Length: 718

<div>On Fri May 24 01:37:41 2019, jaltman@secure-endpoints.com wrote:
<blockquote>
<div>
<p>gss-krb5 when passed a two component acceptor name passes the second component to getaddrinfo() to canonicalize it.&nbsp;&nbsp; While it is often the case that the second component of a service name is a hostname, it is not always a hostname.</p>
</div>
</blockquote>
</div>
Apologies for letting this sit for a year and then coming back with an argument, but: does it make sense to use&nbsp;GSS_C_NT_HOSTBASED_SERVICE when the second part of the name isn&#39;t a hostname?&nbsp; RFC 2743 section 4.1 is pretty clear that the second part is a hostname.&nbsp; Would it be better to import using&nbsp;GSS_KRB5_NT_PRINCIPAL_NAME?