MIT kinit with AD userPrincipalName with SMTP domain and not proper realm?

[Luke Howard]

Hi Mike,

> I understand now. Unfortunately, in practice, I need much more than
> kinit. I'm integrated with an old version of Heidmal so it seems I'll
> need to work on moving to a newer Heimdal and possibly work on
> krb5/principal.c:build_principal et al if the latest Heimdal doesn't
> already have it. I also want to do this with Java but given the
> spotted history of Java's builtin Kerberos implementation I don't
> expect that to be tackled easily. I kinda wish I just had a really
> solid ASN.1 compiler and crypto lib for the various languages. Ho-hum.

Ah, I assumed you were using MIT.

For those that are, there is AS referral support in 1.7, but from  
memory there are some bugs (which really should be fixed in a patch  
release). I don't have the details on hand. It definitely works in  
trunk and thus 1.8.

-- Luke