AD UPN & SAM authentication issue

Michael B Allen ioplex at
Mon Oct 22 01:22:49 EDT 2007

On 10/22/07, Ben W Young <ben.w.young at> wrote:
> Thanks Guy's for helping me think through this. We have very large complex
> AD environment and to suggest changes like turning on "translation" between
> the UPN and the SAM would be like trying to get blood out of a stone.

Hi Ben,

That was not the conclusion. My understanding now is that
could be modified to use the MS specific "enterprise principal" when
requesting the ticket rather than the regular "principal". Meaning
there's a spot in the code where you would simply need to
change the principal type value from 1 to 10.


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the Kerberos mailing list