Alternative UPN on Windows
Speedo
speedogoo at gmail.com
Thu Apr 3 01:43:33 EDT 2008
Hi All
On Windows, there's something called an alternative UPN, which lets you
create user@this.realm in that.realm. Here's a very nice explanation:
http://www.netometer.com/video/tutorials/upn/step1/step1.html
I've looked at the packets, it works like this:
Suppose in realm REAL.COM there's a user x which also has an
alternative UPN called y@fake.com. If the user logs on with x, the
principal name sent in AS-REQ is (x, NT-PRINCIPAL). If they log on with
y@fake.com, it's (y@fake.com, NT-ENTERPRISE). In both cases, the
server replies with a TGT successfully.
My question is: Is there any third party software supporting this
feature?
1. For kinit, how do I specify the name type?
2. Using GSS, how do I create a GSS name?
Thanks
Speedo
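
The two principal names described in the message above, as an added example that is not part of the original post: it DER-encodes and re-parses the Kerberos PrincipalName structure from RFC 4120 for both logons, which is what to look for when reading an AS-REQ capture. The name-type values (NT-PRINCIPAL = 1 in RFC 4120, NT-ENTERPRISE = 10 in RFC 6806) are from the RFCs; the function names and the "a name containing @ is sent whole as NT-ENTERPRISE" rule are assumptions that mirror the two cases in the post.

```python
NT_PRINCIPAL = 1    # RFC 4120
NT_ENTERPRISE = 10  # RFC 6806

def tlv(tag, content):
    """DER tag-length-value, definite lengths up to 65535 bytes."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + content

def principal_name(name_type, components):
    """PrincipalName ::= SEQUENCE { name-type [0] Int32,
                                    name-string [1] SEQUENCE OF KerberosString }"""
    strings = b"".join(tlv(0x1B, c.encode("ascii")) for c in components)  # GeneralString
    return tlv(0x30,
               tlv(0xA0, tlv(0x02, bytes([name_type])))  # types 0..127 only
               + tlv(0xA1, tlv(0x30, strings)))

def cname_for_logon(logon):
    """Assumed rule: 'x' -> NT-PRINCIPAL, 'y@fake.com' -> one NT-ENTERPRISE component."""
    name_type = NT_ENTERPRISE if "@" in logon else NT_PRINCIPAL
    return principal_name(name_type, [logon])

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        n = first
    return tag, buf[pos:pos + n], pos + n

def parse_principal_name(der):
    """Return (name_type, [components]) from a DER PrincipalName."""
    _, body, _ = read_tlv(der, 0)
    _, type_field, pos = read_tlv(body, 0)      # [0] name-type
    _, int_body, _ = read_tlv(type_field, 0)
    _, names_field, _ = read_tlv(body, pos)     # [1] name-string
    _, seq, _ = read_tlv(names_field, 0)
    comps, pos = [], 0
    while pos < len(seq):
        _, s, pos = read_tlv(seq, pos)
        comps.append(s.decode("ascii"))
    return int.from_bytes(int_body, "big", signed=True), comps
```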