By Weijun on Jan 02, 2008
Certainly Java won't accept that, when the returned realm name in a KDC-REP message is (case-sensitive) different from the one sent in KDC-REQ, there's an error, and a KrbException is thrown.
I've tried to tweak the JDK codes to ignore realm name checking and do some case-changing experiments. Every one passes smoothly, realm names, host names, service names, whatever. Everything works. Microsoft just doesn't care about cases. We know it has a long history of acting like this. BASIC language doesn't care about it, neither do DOS filenames. Last time we added pre-authentication into JDK's Kerberos so that you can enter your user name as either Bill or bill or bIll. And now, do we need to meet this ignorance again?
I'm not a lawyer, I have no idea if the embrace, extend, and extinguish means is legal or illegal in what extents. When someone extends an existing standard (in the MS way), which way shall the standard goes? Just ignore it? or re-embrace it? There's surely the risk of making the standard into a total mess some time.