using UPN to auth

Markus Moeller huaraz at moeller.plus.com
Tue Mar 11 20:32:41 EDT 2008


You need a modified kinit which sets the principal type  to 10 (enterprise 
name type). Windows will then use the UPN instead of the samaccountname to 
authenticate. (See attached sample mkinit.c)

Markus.

BTW If your client support client canonicalisation you can authenticate as 
jdoe at domain.com but get a ticket for samaccountname.

"Terry" <td3201 at gmail.com> wrote in message 
news:8ee061010803111146g3d5b36b2rd5e22be1d3961073 at mail.gmail.com...
> Hello,
>
> I am very new to this.  I have a FQDN in AD set to domain.foo.  The
> UPN of a user is jdoe at domain.com.  (note the difference between foo
> and com).
>
> How can I authenticate with jdoe at domain.com?  I am able to auth
> correctly with the sAMAccountName.
>
> Thanks!
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 


More information about the Kerberos mailing list