Actually, that value shouldn't be hard-coded because there are cases where it needs to have a different value. Take a look at the MIT kinit packet (with a -S argument) that I captured and attached to DIRKRB-440. The MIT knit program with a -S option actually retrieves a TGT with an associated server principal. This is different from what happens when a TGS is granted using a TGT.
This is one of those cases we discussed in the thread with Emmanuel - the KrbOption layer makes it tougher to handle both cases. It would be possible to ad a KrbOption that specifies which NameType should be used with each request, but that means the code will need to differentiate between the values. And I'm not sure what sane default would be since it's normally a NameType(1) with a TGT request and a NameType(2) with a TGS request (from my experience). I guess maybe if a S-Principal is specified, require that the S-Principal-NameType also be provided? In the long run it might be easier to give the client a couple methods like: 1) retrieveTgt(AsRequest) 2) retrieveTgs(AsRequest) and let the client user's code build the appropriate AsRequest. Hope this helps! Steve -- “The mark of the immature man is that he wants to die nobly for a cause, while the mark of the mature man is that he wants to live humbly for one.” - Wilhelm Stekel ----- Original Message ----- From: "Kai Zheng (JIRA)" <[email protected]> To: [email protected] Sent: Friday, November 20, 2015 7:21:11 PM Subject: [jira] [Updated] (DIRKRB-464) Correcting the principal name type for the TGS principal [ https://issues.apache.org/jira/browse/DIRKRB-464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kai Zheng updated DIRKRB-464: ----------------------------- Description: The correct name type should be KRB5_NT_SRV_INST (2), instead of kRB5-NT-PRINCIPAL (1). The issue may not affect MIT Kerberos, but Windows Server 2008 R2 because the later insists on that. (was: The correct name type should be KRB5_NT_SRV_INST (2), instead of kRB5-NT-PRINCIPAL (1).) > Correcting the principal name type for the TGS principal > -------------------------------------------------------- > > Key: DIRKRB-464 > URL: https://issues.apache.org/jira/browse/DIRKRB-464 > Project: Directory Kerberos > Issue Type: Bug > Reporter: Kai Zheng > Assignee: Kai Zheng > > The correct name type should be KRB5_NT_SRV_INST (2), instead of > kRB5-NT-PRINCIPAL (1). The issue may not affect MIT Kerberos, but Windows > Server 2008 R2 because the later insists on that. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
