AW: Anyone has an apacherunningwith mod_auth_kerbANDmod_auth_ldap?

Markus Moeller huaraz at moeller.plus.com
Fri Oct 13 15:50:15 EDT 2006


If I change the MIT code (set the type to 10 in parse.c) I can get a ticket 
with my email address as principal name.

Regards
Markus

"Markus Moeller" <huaraz at moeller.plus.com> wrote in message 
news:egop10$50c$1 at sea.gmane.org...
> Thanks for clarifying. I got the following reply
>
> kinit(v5): Client not found in Kerberos database while getting initial 
> credentials
>
> The only real difference I could see in the AS REQ is that XP uses type 10 
> and kinit use type 1.
>
> Regards
> Markus
>
> "Jeffrey Hutzelman" <jhutz at cmu.edu> wrote in message 
> news:AE1D56BEA05AA8A328BF3929 at sirius.fac.cs.cmu.edu...
>>
>>
>> On Friday, October 13, 2006 07:45:17 PM +0100 Markus Moeller
>> <huaraz at moeller.plus.com> wrote:
>>
>>> I tried to use kinit user\\@mailaddress.com at DOMAIN.COM (\\ escapes @)
>>> with  MIT against AD where the userprincipalname is set to the email
>>> address but  failed, whereas I can login on XP using the email address. 
>>> I
>>> found that MS  uses a principal type 10 (= enterprise name). Is this
>>> anywhere defined in a  standard or is this a MS extension ?
>>
>> The value is assigned in RFC4120 section 7.5.8, but without details as to
>> the expected name form.  What you're seeing is the most common usage for
>> this name type.  Note that Kerberos principal name types are advisory; 
>> they
>> generally do not need to match.
>>
>> You only said "I tried... but failed."  How did you fail?  Were you 
>> unable
>> to type the backslash, or perhaps the at-sign?  Or did kinit print some
>> error message you're not sharing with us?
>>
>> -- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
>>   Sr. Research Systems Programmer
>>   School of Computer Science - Research Computing Facility
>>   Carnegie Mellon University - Pittsburgh, PA
>>
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 






More information about the Kerberos mailing list