Skip to content

Commit fc03492

Browse files
simo5simo5
committed
The http service name is HTTP
Service names are generally case sensitive in Kerberos implementations (with the notable exception of Microsoft Active Directory that treats them in a case-insensitive way). For unknown reasons the service name used for the http protocol has been historically uppercased. So the examples should use HTTP otherwise implementors may use http and fail to interoperate with servers that follow the proper case sensitivity rules for Kerberos principal names as defined in RFC4120. Signed-off-by: Simo Sorce <[email protected]>
1 parent 12aa6af commit fc03492

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

docs/source/basic-tutorial.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -43,12 +43,12 @@ Suppose we wanted to refer to an HTTP server on the current host.
4343
We could refer to it as a *host-based service*, or in the default
4444
mechanism form (in this case, for krb5):
4545

46-
>>> server_hostbased_name = gssapi.Name('http@' + FQDN, name_type=gssapi.NameType.hostbased_service)
46+
>>> server_hostbased_name = gssapi.Name('HTTP@' + FQDN, name_type=gssapi.NameType.hostbased_service)
4747
>>> server_hostbased_name
48-
Name(b'http@sross', <OID 1.2.840.113554.1.2.1.4>)
49-
>>> server_name = gssapi.Name('http/sross@')
48+
Name(b'HTTP@sross', <OID 1.2.840.113554.1.2.1.4>)
49+
>>> server_name = gssapi.Name('HTTP/sross@')
5050
>>> server_name
51-
Name(b'http/sross@', None)
51+
Name(b'HTTP/sross@', None)
5252
>>>
5353

5454
These are both effectively the same, but if we *canonicalize* both
@@ -75,11 +75,11 @@ Credentials may be acquired for a particular name, or the default set
7575
of credentials may be acquired.
7676

7777
For instance, suppose that we are writing a server, and wish to
78-
communicate accept connections as the 'http' service. We would need
78+
communicate accept connections as the 'HTTP' service. We would need
7979
to acquire credentials as such:
8080

81-
>>> REALM.addprinc('http/%s@%s' % (FQDN, REALM.realm))
82-
>>> REALM.extract_keytab('http/%s@%s' % (FQDN, REALM.realm), REALM.keytab)
81+
>>> REALM.addprinc('HTTP/%s@%s' % (FQDN, REALM.realm))
82+
>>> REALM.extract_keytab('HTTP/%s@%s' % (FQDN, REALM.realm), REALM.keytab)
8383
>>> server_creds = gssapi.Credentials(usage='accept', name=server_name)
8484
>>>
8585

0 commit comments

Comments
 (0)