ldap principal aliases
Chris
lists at deksai.com
Thu Aug 27 19:46:31 EDT 2009
Am I understanding correctly that I should be able to put several
krbPrincipalNames under one dn, set the krbCanonicalName, and the KDC
should return the krbCanonicalName or alias (not sure which) for any of
the listed krbPrincipalNames?

This is how I am trying to use this, and it doesn't seem to be working. I
can use the same queries I see going to the LDAP server manually as the
KDC user, and they return the correct record, but the KDC always says it
cannot find the service principal if I use an alias. I see a spot in
the code that will set the principal name if it sees both
krbcanonicalname and the KRB5_KDB_FLAG_CANONICALIZE flag. From what I
think I read in the docs, this is supposed to be on for service
principals by default.

Any help in understanding what I'm not understanding here would be
appreciated.

Chris