Alternative UPN on Windows
Markus Moeller
huaraz at moeller.plus.com
Fri Apr 4 17:18:26 EDT 2008
Sam,
I didn't need to patch the libraries at all. Since I don't use client
canonicalisation it just works and may have limited use.
markus at Opensuse:~/sources/krb5-1.6.1-compile/src/clients/kinit> ./kinit mm at test.home@WIN2003R2.HOME
Password for mm\@test.home at WIN2003R2.HOME:
markus at Opensuse:~/sources/krb5-1.6.1-compile/src/clients/kinit> klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: mm\@test.home at WIN2003R2.HOME
Valid starting Expires Service principal
04/04/08 22:06:41 04/05/08 08:06:26 krbtgt/WIN2003R2.HOME at WIN2003R2.HOME
renew until 04/05/08 22:06:41, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
I can even do an ssh to another box (using auth_to_local =
RULE:[1:$1@$0](mm at test.home@WIN2003R2\.HOME$)s/.*/markus/ for testing in
krb5.conf)
markus at Opensuse:~/sources/krb5-1.6.1-compile/src/clients/kinit> ssh markus at opensolaris
Last login: Fri Apr 4 22:12:08 2008 from opensuse.suse.h
Sun Microsystems Inc. SunOS 5.11 snv_70b October 2007
-bash-3.00$ exit
logout
Connection to opensolaris closed.
markus at Opensuse:~/sources/krb5-1.6.1-compile/src/clients/kinit> klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: mm\@test.home at WIN2003R2.HOME
Valid starting Expires Service principal
04/04/08 22:06:41 04/05/08 08:06:26 krbtgt/WIN2003R2.HOME at WIN2003R2.HOME
renew until 04/05/08 22:06:41, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
04/04/08 22:07:34 04/05/08 08:06:26 krbtgt/SOLARIS.HOME at WIN2003R2.HOME
renew until 04/05/08 22:06:41, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
04/04/08 22:08:30 04/05/08 08:06:26 host/opensolaris.solaris.home at SOLARIS.HOME
renew until 04/05/08 22:06:41, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
Regards
Markus
----- Original Message -----
From: "Sam Hartman" <hartmans at mit.edu>
To: "Markus Moeller" <huaraz at moeller.plus.com>
Cc: <kerberos at MIT.EDU>
Sent: Friday, April 04, 2008 8:53 PM
Subject: Re: Alternative UPN on Windows
>I really hope your kinit patch is not sufficient. In particular, I'm
> surprised that you don't need a library patch as well to deal with the
> name coming back in a different form and to set the canonicalize flag.
>
>
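
Added example, not part of the original message and not MIT krb5 code: a small Python model of how the auth_to_local rule quoted above is evaluated against the enterprise-style principal from the klist output, including the escaped "@" in its first component. It assumes the archive's " at " inside the rule stands for "@" and that the rule's regexp must match the whole selection string; `split_principal`, `apply_rule`, `PAGE_RULE` and `STRICT_RULE` are hypothetical names.

```python
import re

RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$")

def split_principal(name):
    """Split a principal into (components, realm), honouring backslash escapes."""
    parts, cur, in_realm, i = [], [], False, 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):   # "\@" is a literal "@" inside a component
            cur.append(name[i + 1])
            i += 2
            continue
        if not in_realm and ch in "/@":        # unescaped separator
            parts.append("".join(cur))
            cur, in_realm = [], ch == "@"
        else:
            cur.append(ch)
        i += 1
    tail = "".join(cur)
    return (parts, tail) if in_realm else (parts + [tail], "")

def apply_rule(rule, principal):
    """Return the local user name the rule yields, or None if it does not apply."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule syntax: " + rule)
    n, fmt, regexp, pat, repl, g = m.groups()
    comps, realm = split_principal(principal)
    if len(comps) != int(n):                   # [n:...] selects by component count
        return None
    pick = lambda d: realm if d.group(1) == "0" else comps[int(d.group(1)) - 1]
    selection = re.sub(r"\$(\d)", pick, fmt)   # $0 = realm, $1.. = components
    # Assumption: the regexp must cover the whole selection string.
    if regexp is not None and re.fullmatch(regexp, selection) is None:
        return None
    if pat is not None:
        selection = re.sub(pat, repl, selection, count=0 if g else 1)
    return selection

# Rule from the message, with " at " read as "@" (assumption about the archive).
PAGE_RULE = r"RULE:[1:$1@$0](mm@test.home@WIN2003R2\.HOME$)s/.*/markus/"
# Constructed variant with every literal dot escaped.
STRICT_RULE = r"RULE:[1:$1@$0](mm@test\.home@WIN2003R2\.HOME$)s/.*/markus/"

if __name__ == "__main__":
    for p in (r"mm\@test.home@WIN2003R2.HOME", r"mm\@testXhome@WIN2003R2.HOME"):
        print(p, "->", apply_rule(PAGE_RULE, p), "/", apply_rule(STRICT_RULE, p))
```

The second, constructed principal shows that the unescaped dots in the rule as posted match any character, so a rule kept beyond testing would normally escape them as in `STRICT_RULE`.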