a question on Kerberos TGS name
luxInteg
lux-integ at btconnect.com
Wed Feb 15 20:56:19 EST 2012
Greetings,
I am attempting pkcs11 with krb5.
Here is an excerpt from the krb5-docs
specifically "krb5-admin.html#pkinit identity-syntax"
#-----------------------------------
pkinit_eku_checking
..... (Note that if the KDC certificate has the pkinit
SubjectAlternativeName encoded as the Kerberos TGS name,
EKU checking is not necessary since the issuing CA has certified this as a KDC
certificate.)
#-----------------------------------
My question is what is the "Kerberos TGS name" for a kdc? Is it
krbtgt/REALNAME or krbtgt/fdqn at REALNAME or some such? Advice would be much
arppreciated
Thanks in advance
lux-integ
More information about the Kerberos
mailing list