Kerberos.app AD UPN & SAM authentication issue
Russ Allbery
rra at stanford.edu
Thu Oct 4 23:02:39 EDT 2007
"Michael B Allen" <ioplex at gmail.com> writes:
> Active Directory does not use the userPrincipalName attribute to do
> Kerberos authentication. It uses sAMAccountName at dnsRoot.
I just tested against our Active Directory with an account that had both
userPrincipalName and sAMAccountName set to different values and was able
to authenticate using either of the two names via kinit from a Debian
system. Either returned valid tickets for the principal name that I used,
and both had the same password and hence were using the same Active
Directory record.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list