using '@' character in principals

Stephen Ingram sbingram at gmail.com
Fri Feb 18 22:06:44 EST 2011


On Fri, Feb 18, 2011 at 1:37 PM, Greg Hudson <ghudson at mit.edu> wrote:
> On Fri, 2011-02-18 at 16:20 -0500, Stephen Ingram wrote:
>> Is it possible to use an '@' character in a kerberos principal such
>> that the full principal would read something like
>> user at domain1.com@DOMAIN.COM? Note that domain1.com is in the
>> DOMAIN.COM realm. I've been able to successfully add a principal like
>> this by using a '\' before the '@'. However, kinit doesn't seem to
>> pass the information similarly such that I can obtain a tgt.
>
> It works for me.  Are you sure that the shell isn't eating the \
> character before you pass it to kinit?

(Sorry-I just realized that reply doesn't go to the list)

Thank you. That's exactly what was happening. Using quotes solved the problem.

Obviously this is not going to be a great solution for users to have
to remember to use quotes and backslash characters to obtain their
tgt. I'm guessing that this is why no one seems to use principals like
these except maybe those who can take care of this through a Web
browser interface or such?

Steve




More information about the Kerberos mailing list