using '@' character in principals

Greg Hudson ghudson at MIT.EDU
Fri Feb 18 16:37:12 EST 2011


On Fri, 2011-02-18 at 16:20 -0500, Stephen Ingram wrote:
> Is it possible to use an '@' character in a kerberos principal such
> that the full principal would read something like
> user at domain1.com@DOMAIN.COM? Note that domain1.com is in the
> DOMAIN.COM realm. I've been able to successfully add a principal like
> this by using a '\' before the '@'. However, kinit doesn't seem to
> pass the information similarly such that I can obtain a tgt.

It works for me.  Are you sure that the shell isn't eating the \
character before you pass it to kinit?

equal-rites$ kadmin.local
Authenticating as principal user/admin at KRBTEST.COM with password.
kadmin.local:  addprinc a\@b
WARNING: no policy specified for a\@b at KRBTEST.COM; defaulting to no policy
Enter password for principal "a\@b at KRBTEST.COM": 
Re-enter password for principal "a\@b at KRBTEST.COM": 
Principal "a\@b at KRBTEST.COM" created.
equal-rites$ kinit 'a\@b'
Password for a\@b at KRBTEST.COM: 
equal-rites$ kinit a\@b
kinit: Cannot find KDC for requested realm while getting initial credentials





More information about the Kerberos mailing list