search

jcmturner / gokrb5

Pure Go Kerberos library for clients and services
Apache License 2.0
723 stars 245 forks source link

dns lookups shouldn't be used as-is for case sensitive principal names #465

Closed snqk closed 2 years ago

snqk commented 2 years ago

spnego.Client currently re-uses the exact response from CNAME lookups for principal names.

This can sometimes result in a KDC_ERR_S_PRINCIPAL_UNKNOWN error when DNS returns a mixed case (or upper case) response.