Kerberos.app AD UPN & SAM authentication issue
Michael B Allen
ioplex at gmail.com
Mon Oct 22 01:22:49 EDT 2007
On 10/22/07, Ben W Young <ben.w.young at det.nsw.edu.au> wrote:
> Thanks Guy's for helping me think through this. We have very large complex
> AD environment and to suggest changes like turning on "translation" between
> the UPN and the SAM would be like trying to get blood out of a stone.
Hi Ben,
That was not the conclusion. My understanding now is that Kerberos.app
could be modified to use the MS specific "enterprise principal" when
requesting the ticket rather than the regular "principal". Meaning
there's a spot in the Kerberos.app code where you would simply need to
change the principal type value from 1 to 10.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the Kerberos
mailing list