w2k kerberos logon

Graham Turner gturner at ipcomputers.demon.co.uk
Sat Dec 14 10:35:41 EST 2002


Luke, from my admittedly lesser knowledge of the kerberos protocol, i
thought a realm was a dns domain name.

would you be happy to explain further "sets the canonicalize flag" ? - is it
some sort of a flag to request from the client to the directory server to
query the directory and map the netbios name to its dns equivalent.

GT

"Luke Howard" <lukeh at PADL.COM> wrote in message
news:200212132128.IAA54977 at au.padl.com...
>
> >trying to get to understand how the kerberos client generates the domain
> >name to authenticate the user when they enter the downlevel NetBIOS name
in
> >the logon dialog box.
>
> The client simply uses the NetBIOS name as the realm, and sets the
> canonicalize flag; the AS-REP contains the DNS domain name in the
> realm.
>
> -- Luke
> --
> Luke Howard | PADL Software Pty Ltd | www.padl.com
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
>





More information about the Kerberos mailing list