r10021: More kerberos notes.

(This used to be commit f36e657a416d7ec7146d84da88b28c2606ff838a)

1 files changed, 20 insertions, 3 deletions

diff --git a/source4/auth/kerberos/kerberos-notes.txt b/source4/auth/kerberos/kerberos-notes.txt
index a9b62742fe..eec1cac3aa 100644
--- a/source4/auth/kerberos/kerberos-notes.txt
+++ b/source4/auth/kerberos/kerberos-notes.txt
@@ -229,8 +229,9 @@ the kerberos libraries
 
  - DCE_STYLE
 
- - gsskrb5_get_initiator_subkey() (return the opposite key to what the
-   lucid context and get_subkey() calls return).
+ - gsskrb5_get_initiator_subkey() (return the exact key that Samba3
+   has always asked for.  gsskrb5_get_subkey() might do what we need
+   anyway)
 
  - gsskrb5_get_authz_data()
 
@@ -281,13 +282,29 @@ still wanted to supply a keytab to the GSSAPI code), a 'wildcard'
 keytab was devised.  MEMORY_WILDCARD: is much like MEMORY:, except it
 only matches on kvno, rather than on the principal name.
 
+Another way of handling this amy be to declare "" as a wildcard name,
+or perhaps allow principal names to be fnmatch() or regex expressions.
+
+Hmm, looking over the code again, I'm really not sure we need this...
+We should be able to just specify the same principal as a desired name
+(GSSAPI) and principal (keytab).
+
 Extra Heimdal functions used
 ----------------------------
 (an attempt to list some of the Heimdal-specific functions I know we use)
 
-krb5_make_principal()
 krb5_free_keyblock_contents()
 
+also a raft of prinicpal manipulation functions:
+
+Prncipal Manipulation
+---------------------
+
+Samba makes extensive use of the principal manipulation functions in
+Heimdal, including the known structure behind krb_principal and
+krb5_realm (a char *).
+
+
 KDC Extensions
 --------------