Bug 3517 - Computer Account userPrincipalName format breaks MIT Telnet
Summary: Computer Account userPrincipalName format breaks MIT Telnet
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.9
Hardware: Other Windows XP
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-14 22:59 UTC by David Daugherty
Modified: 2006-02-15 22:48 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Daugherty 2006-02-14 22:59:15 UTC 
Using Samba 3.0.20B on RHL 9. Windows 2000 Service Pack 4.

MIT Kerberized Telnet is hard coded to use des-cbc-crc and expects to use the service principal name as salt (i.e. host/<fqdn>@REALM).

However setting UPN causes Win2k server to use the UPN as salt instead.

Samba populates UPN with HOST/<HostShortName>@REALM.

Since this results in the wrong salt MIT Kerberized Telnet breaks.

Suggest clearing the UPN and not relying on it (see ldap.c:ads_connect) or changing the UPN to be host/<fqdn>@REALM
Comment 1 David Daugherty 2006-02-15 22:48:59 UTC 
Okay I think I might have been a little premature on this bug report.  My bad. I think I will close it and reopen it later if I convince myself this is really is a problem - sorry.