AW: Anyone has an apacherunningwith mod_auth_kerbANDmod_auth_ldap?
huaraz at moeller.plus.com
Fri Oct 13 15:50:15 EDT 2006
If I change the MIT code (set the type to 10 in parse.c) I can get a ticket
with my email address as principal name.
"Markus Moeller" <huaraz at moeller.plus.com> wrote in message
news:egop10$50c$1 at sea.gmane.org...
> Thanks for clarifying. I got the following reply
> kinit(v5): Client not found in Kerberos database while getting initial
> The only real difference I could see in the AS REQ is that XP uses type 10
> and kinit use type 1.
> "Jeffrey Hutzelman" <jhutz at cmu.edu> wrote in message
> news:AE1D56BEA05AA8A328BF3929 at sirius.fac.cs.cmu.edu...
>> On Friday, October 13, 2006 07:45:17 PM +0100 Markus Moeller
>> <huaraz at moeller.plus.com> wrote:
>>> I tried to use kinit user\\@mailaddress.com at DOMAIN.COM (\\ escapes @)
>>> with MIT against AD where the userprincipalname is set to the email
>>> address but failed, whereas I can login on XP using the email address.
>>> found that MS uses a principal type 10 (= enterprise name). Is this
>>> anywhere defined in a standard or is this a MS extension ?
>> The value is assigned in RFC4120 section 7.5.8, but without details as to
>> the expected name form. What you're seeing is the most common usage for
>> this name type. Note that Kerberos principal name types are advisory;
>> generally do not need to match.
>> You only said "I tried... but failed." How did you fail? Were you
>> to type the backslash, or perhaps the at-sign? Or did kinit print some
>> error message you're not sharing with us?
>> -- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
>> Sr. Research Systems Programmer
>> School of Computer Science - Research Computing Facility
>> Carnegie Mellon University - Pittsburgh, PA
>> Kerberos mailing list Kerberos at mit.edu
> Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos