samba keytab support for AD and kinit -k
Luke Howard
lukeh at padl.com
Mon Nov 29 00:51:08 EST 2004

>    Rakesh> The issue is that in the Windows KDC, an SPN can not be
>    Rakesh> used as a "user" for authentication and computers normally
>    Rakesh> do not contain a UPN entry.  
>
>That is not my understanding of the Microsoft KDC architecture.  This
>claim also goes against interoperability tests I have conducted with
>Microsoft.

If I remember correctly, Rakesh is right. To do an AS-REQ you must
use the UPN or the SAM account name (regardless of the account type).

>Samba's handling of short names and Kerberos principals seems
>different than the Microsoft tools and tends to work much less of the
>time.  It would be great to see it more consistent with the Windows
>domain join procedure.

There are a bunch of fixes in 3.0.9, YMMV.

-- Luke