Realm gets uppercase'd which doesn't work with Linux Kerberos 5 implementation #66

Open
evilsocket opened this issue Oct 13, 2023 · 2 comments

evilsocket commented Oct 13, 2023

Hi, I tested this tool against a Linux DC running Kerberos and OpenLDAP ( https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend ) and noticed that all attempts failed due to the realm getting uppercased here from the domain name. While the Microsoft implementation is case insensitive (as all MS things :D), the Linux one is definitely case sensitive, meaning that a `-d example.com` argument will result in `EXAMPLE.COM`, which fails.

I think that uppercasing can just be removed, in which case it'll work for both implementations (and the user can just pass whatever case they want).

0xZDH commented Oct 1, 2024

From my understanding, realm is going to be used as a part of the salt during encryption along with the authenticating username (REALMusername). As such, case-sensitivity becomes a factor for the realm/domain and username during authentication as an invalid salt due to case-sensitivity will cause failed validation of authentication even with the right password. Instead of defaulting to not uppercasing the domain when setting the realm, I think a flag can be used to specify a Linux DC which, when set, can treat the domain "as is" when setting the realm.

@evilsocket
Author

@0xZDH yep I can confirm, that's the exact reason why it was failing for me with OpenLDAP, they just use a different salt case ... if that makes sense? :D

That is why I was suggesting to just let the user pass whatever case they want, but yeah a more explicit flag would definitely make it super clear and usable 👍🏻
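The salt dependency discussed in this thread, as an added example (not code from the tool or from either commenter): it builds the default Kerberos salt (realm followed by the principal name), runs the PBKDF2-HMAC-SHA1 stage of the RFC 3962 AES string-to-key, and checks which realm casing reproduces a salt the KDC advertised. The function names, the `alice` principal, the password and the advertised salt are constructed for illustration; the final key-derivation step of RFC 3962 is left out because it is deterministic given the PBKDF2 output.

```python
import hashlib

ITERATIONS = 4096  # RFC 3962 default when the KDC supplies no iteration count


def default_salt(realm: str, principal: str) -> bytes:
    """Default salt: realm, then the principal's name components, no separators."""
    return (realm + "".join(principal.split("/"))).encode("utf-8")


def pbkdf2_stage(password: str, salt: bytes, keylen: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the AES string-to-key (keylen 32 for AES-256)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               ITERATIONS, keylen)


def realm_matching_salt(domain: str, principal: str, advertised_salt: bytes):
    """Return the casing of `domain` whose default salt equals the salt the KDC
    advertised (for example in its pre-authentication hint), or None."""
    for candidate in dict.fromkeys((domain, domain.upper(), domain.lower())):
        if default_salt(candidate, principal) == advertised_salt:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample: a KDC whose realm is stored in lower case.
    advertised = b"example.comalice"
    password = "correct horse"  # constructed sample password

    for realm in ("EXAMPLE.COM", "example.com"):
        salt = default_salt(realm, "alice")
        key = pbkdf2_stage(password, salt)
        print(f"{realm:12} salt={salt!r} pbkdf2={key.hex()[:16]}...")

    print("realm casing that matches the KDC salt:",
          realm_matching_salt("EXAMPLE.COM", "alice", advertised))
```

Same password, two realm casings, two unrelated keys: the client and KDC only agree when the salt bytes are identical.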
