Skip Menu |
 

From: Ken Raeburn <raeburn@MIT.EDU>
To: krb5-bugs@MIT.EDU
Subject: bugs in generating kadmin service principal name from hostname
Date: Fri, 26 Jun 2009 18:45:11 -0400
I think kadm5_get_admin_service_name should be using
krb5_sname_to_principal. As the code is now, it doesn't follow the
same logic for generating the host-based principal names for kadmin as
we use for other host-based services. (You can argue that that logic
in sn2princ is wrong, and we shouldn't be doing the DNS lookups, blah
blah blah, but I think being inconsistent and wrong in two places is
worse than being consistently wrong and doing it in one place.)

If there's a reason for it not to use krb5_sname_to_principal, it
should probably at least force the hostname to lower-case when
constructing the principal name. The only reason I can think of is
consistency with Sun's behavior, but I would think we'd want that more
globally, or more generally configurable, not just confined to kadmin.