using '@' character in principals
Greg Hudson
ghudson at MIT.EDU
Fri Feb 18 16:37:12 EST 2011
On Fri, 2011-02-18 at 16:20 -0500, Stephen Ingram wrote:
> Is it possible to use an '@' character in a kerberos principal such
> that the full principal would read something like
> user at domain1.com@DOMAIN.COM? Note that domain1.com is in the
> DOMAIN.COM realm. I've been able to successfully add a principal like
> this by using a '\' before the '@'. However, kinit doesn't seem to
> pass the information similarly such that I can obtain a tgt.
It works for me. Are you sure that the shell isn't eating the \
character before you pass it to kinit?
equal-rites$ kadmin.local
Authenticating as principal user/admin at KRBTEST.COM with password.
kadmin.local: addprinc a\@b
WARNING: no policy specified for a\@b at KRBTEST.COM; defaulting to no policy
Enter password for principal "a\@b at KRBTEST.COM":
Re-enter password for principal "a\@b at KRBTEST.COM":
Principal "a\@b at KRBTEST.COM" created.
equal-rites$ kinit 'a\@b'
Password for a\@b at KRBTEST.COM:
equal-rites$ kinit a\@b
kinit: Cannot find KDC for requested realm while getting initial credentials
More information about the Kerberos
mailing list