using '@' character in principals

Stephen Ingram sbingram at gmail.com
Tue Mar 1 19:51:31 EST 2011


If you use an LDAP backend to store the Kerberos attributes, is it
then easier to use a '@' in the user part of the principal? I'm
particularly interested in being able to do this without having to
escape the '@'.

Steve

On Fri, Feb 18, 2011 at 2:44 PM, Stephen Ingram <sbingram at gmail.com> wrote:
> Greg-
>
> On Fri, Feb 18, 2011 at 1:37 PM, Greg Hudson <ghudson at mit.edu> wrote:
>> On Fri, 2011-02-18 at 16:20 -0500, Stephen Ingram wrote:
>>> Is it possible to use an '@' character in a Kerberos principal such
>>> that the full principal would read something like
>>> user@domain1.com@DOMAIN.COM? Note that domain1.com is in the
>>> DOMAIN.COM realm. I've been able to successfully add a principal like
>>> this by using a '\' before the '@'. However, kinit doesn't seem to
>>> pass the information similarly such that I can obtain a tgt.
>>
>> It works for me.  Are you sure that the shell isn't eating the \
>> character before you pass it to kinit?
>
> Thank you. That's exactly what was happening. Using quotes solved the problem.
>
> Obviously this is not going to be a great solution for users to have
> to remember to use quotes and backslash characters to obtain their
> tgt. I'm guessing that this is why no one seems to use principals like
> these except maybe those who can take care of this through a Web
> browser interface or such?
>
> Steve
>
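
Added example, not part of the original messages: a shell sketch of the quoting problem discussed in this thread, showing which ways of typing the principal keep the backslash in the argument a program such as kinit receives. `argv1` and `split_principal` are hypothetical helpers, and the splitting rule (a backslash makes the next character literal, a single unescaped '@' starts the realm) is a simplified model assumed here, not MIT krb5 code.

```shell
#!/bin/sh
# argv1 (hypothetical helper): echo back the one argument exactly as the
# invoked program sees it, after the shell has done its quote removal.
argv1() { printf '%s' "$1"; }

# split_principal (hypothetical helper, simplified model): walk the string,
# treat "\x" as a literal x, and split name from realm at the unescaped '@'.
# Prints "name|realm"; returns 1 on a second unescaped '@' or a trailing '\'.
split_principal() {
    rest=$1; name=; realm=; in_realm=0
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}        # pop first character
        if [ "$c" = '\' ]; then
            [ -n "$rest" ] || return 1               # dangling backslash
            c=${rest%"${rest#?}"}; rest=${rest#?}    # escaped char is literal
        elif [ "$c" = '@' ]; then
            [ "$in_realm" -eq 0 ] || return 1        # second unescaped '@'
            in_realm=1; continue
        fi
        if [ "$in_realm" -eq 1 ]; then realm=$realm$c; else name=$name$c; fi
    done
    printf '%s|%s' "$name" "$realm"
}

# Four ways of typing the same principal on the command line.
unquoted=$(argv1 user\@domain1.com@DOMAIN.COM)     # shell eats the backslash
single=$(argv1 'user\@domain1.com@DOMAIN.COM')     # backslash survives
double=$(argv1 "user\@domain1.com@DOMAIN.COM")     # \@ is not special in ""
doubled=$(argv1 user\\@domain1.com@DOMAIN.COM)     # \\ leaves one backslash

for typed in "$unquoted" "$single" "$double" "$doubled"; do
    if parsed=$(split_principal "$typed"); then
        printf '%-30s -> %s\n' "$typed" "$parsed"
    else
        printf '%-30s -> rejected as malformed\n' "$typed"
    fi
done
```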



