summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/kerberos/kerberos-notes.txt23
1 files changed, 20 insertions, 3 deletions
diff --git a/source4/auth/kerberos/kerberos-notes.txt b/source4/auth/kerberos/kerberos-notes.txt
index a9b62742fe..eec1cac3aa 100644
--- a/source4/auth/kerberos/kerberos-notes.txt
+++ b/source4/auth/kerberos/kerberos-notes.txt
@@ -229,8 +229,9 @@ the kerberos libraries
- DCE_STYLE
- - gsskrb5_get_initiator_subkey() (return the opposite key to what the
- lucid context and get_subkey() calls return).
+ - gsskrb5_get_initiator_subkey() (return the exact key that Samba3
+ has always asked for. gsskrb5_get_subkey() might do what we need
+ anyway)
- gsskrb5_get_authz_data()
@@ -281,13 +282,29 @@ still wanted to supply a keytab to the GSSAPI code), a 'wildcard'
keytab was devised. MEMORY_WILDCARD: is much like MEMORY:, except it
only matches on kvno, rather than on the principal name.
+Another way of handling this amy be to declare "" as a wildcard name,
+or perhaps allow principal names to be fnmatch() or regex expressions.
+
+Hmm, looking over the code again, I'm really not sure we need this...
+We should be able to just specify the same principal as a desired name
+(GSSAPI) and principal (keytab).
+
Extra Heimdal functions used
----------------------------
(an attempt to list some of the Heimdal-specific functions I know we use)
-krb5_make_principal()
krb5_free_keyblock_contents()
+also a raft of prinicpal manipulation functions:
+
+Prncipal Manipulation
+---------------------
+
+Samba makes extensive use of the principal manipulation functions in
+Heimdal, including the known structure behind krb_principal and
+krb5_realm (a char *).
+
+
KDC Extensions
--------------