No case sensitive principal names for AD KDC

Michael Michael.Montag at web.de
Tue Nov 25 15:59:09 EST 2003


Hi all,

I have an environment where MIT Kerberos clients request
TGT tickets from an MS Active Directory KDC. For preauthentication,
PA_ENC_TIMESTAMP is used. The user/principal name is
case-sensitive, i.e. the AD KDC only provides a TGT when the
principal name used for constructing the ticket request on the client
is case equal to the Windows user account name configured in AD.

Windows clients (e.g., Windows Messenger) requesting a TGT for
the same account are not restricted to case equal names.
Is this due to the different pre-authentication scheme used
(PA_PAC_TIMESTAMP)?

Is there any way (configuring the AD KDC or the MIT Kerberos client)
that allows users on the MIT Kerberos client
not to bother about the case sensitivity of user/principal names
when asked to provide their login name?

Thanks,

   Michael



