using UPN to auth

Ben W Young ben.w.young at det.nsw.edu.au
Tue Mar 11 22:42:11 EDT 2008


Markus,

I believe this is what I need to do and you may have commented on this for
me before in another thread.

How would I go about modifying kinit on os x as you have mentioned below?

Regards,

Ben W Young


> From: Markus Moeller <huaraz at moeller.plus.com>
> Date: Wed, 12 Mar 2008 00:32:41 -0000
> To: "kerberos at mit.edu" <mailto:kerberos at mit.edu>
> Subject: Re: using UPN to auth
> 
> You need a modified kinit which sets the principal type  to 10 (enterprise
> name type). Windows will then use the UPN instead of the samaccountname to
> authenticate. (See attached sample mkinit.c)
> 
> Markus.
> 
> BTW If your client support client canonicalisation you can authenticate as
> jdoe at domain.com but get a ticket for samaccountname.
> 
> "Terry" <td3201 at gmail.com> wrote in message
> news:8ee061010803111146g3d5b36b2rd5e22be1d3961073 at mail.gmail.com...
>> Hello,
>> 
>> I am very new to this.  I have a FQDN in AD set to domain.foo.  The
>> UPN of a user is jdoe at domain.com.  (note the difference between foo
>> and com).
>> 
>> How can I authenticate with jdoe at domain.com?  I am able to auth
>> correctly with the sAMAccountName.
>> 
>> Thanks!
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************



More information about the Kerberos mailing list