using UPN to auth
Terry
td3201 at gmail.com
Wed Mar 12 12:26:41 EDT 2008
I am not sure if this matters but the end result is to use
mod_auth_kerb to authenticate users. You are saying I need to
recompile it to use type 10 (enterprise name type)? I might be able
to figure that out. :)
On Tue, Mar 11, 2008 at 7:32 PM, Markus Moeller <huaraz at moeller.plus.com> wrote:
> You need a modified kinit which sets the principal type to 10 (enterprise
> name type). Windows will then use the UPN instead of the samaccountname to
> authenticate. (See attached sample mkinit.c)
>
> Markus.
>
> BTW If your client support client canonicalisation you can authenticate as
> jdoe at domain.com but get a ticket for samaccountname.
>
> "Terry" <td3201 at gmail.com> wrote in message
> news:8ee061010803111146g3d5b36b2rd5e22be1d3961073 at mail.gmail.com...
>
>
> > Hello,
> >
> > I am very new to this. I have a FQDN in AD set to domain.foo. The
> > UPN of a user is jdoe at domain.com. (note the difference between foo
> > and com).
> >
> > How can I authenticate with jdoe at domain.com? I am able to auth
> > correctly with the sAMAccountName.
> >
> > Thanks!
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
More information about the Kerberos
mailing list