AW: Anyone has an apache running with mod_auth_kerbANDmod_auth_ldap?
Jeffrey Hutzelman
jhutz at cmu.edu
Fri Oct 13 15:10:53 EDT 2006
On Friday, October 13, 2006 07:45:17 PM +0100 Markus Moeller
<huaraz at moeller.plus.com> wrote:
> I tried to use kinit user\\@mailaddress.com at DOMAIN.COM (\\ escapes @)
> with MIT against AD where the userprincipalname is set to the email
> address but failed, whereas I can login on XP using the email address. I
> found that MS uses a principal type 10 (= enterprise name). Is this
> anywhere defined in a standard or is this a MS extension ?
The value is assigned in RFC4120 section 7.5.8, but without details as to
the expected name form. What you're seeing is the most common usage for
this name type. Note that Kerberos principal name types are advisory; they
generally do not need to match.
You only said "I tried... but failed." How did you fail? Were you unable
to type the backslash, or perhaps the at-sign? Or did kinit print some
error message you're not sharing with us?
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
More information about the Kerberos
mailing list