[squid-dev] Support lower case http/ spn format for realmd/adcli join support.
Mike Surcouf
mikes at surcouf.co.uk
Tue Jun 26 18:36:46 UTC 2018
This can be seen here but also applies to other helpers that use Kerberos.
https://github.com/squid-cache/squid/blob/5b74111aff8948e869959113241adada0cd488c2/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc#L490
adcli (which realmd uses for AD joins) supports lowercases all SPNs when adding them to a keytab.
Whether HTTP/ or http/ SPNs are valid is up for debate and really depends on the convention of the tool in question but I see no harm in supporting lowercase http/ in addition to HTTP/ SPNs.
As far as I can see even supplying your own SPN does not allow http/ (lowercase)
This would provide compatibility with adcli and realmd join which are common tools for AD management on CentOS/RHEL.
Thanks
Mike
More information about the squid-dev
mailing list