a question on Kerberos TGS name
luxInteg
lux-integ at btconnect.com
Thu Feb 16 05:07:44 EST 2012
On Thursday 16 February 2012 06:55:17 Greg Hudson wrote:
> On 02/15/2012 08:56 PM, luxInteg wrote:
> > My question is what is the "Kerberos TGS name" for a kdc? Is it
> > krbtgt/REALNAME or krbtgt/fdqn at REALNAME or some such?
>
> It's krbtgt/REALMNAME at REALMNAME.
thanks
Now the manpage for x509 has this excerpt (n setting subjectAltName
in certificates
---------
Examples:
subjectAltName=email:copy,email:my at other.address,URI:http://my.url.here/
subjectAltName=IP:192.168.7.1
subjectAltName=IP:13::17
subjectAltName=email:my at other.address,RID:1.2.3.4
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
------
i.e. there are uRLs for email:, IP: and I think there is one for DNS:
But with a label such as
krbtgt/REALMNAME at REALMNAME
I am unsure if the 5th line above applies { and/or how}. So I would be
grateful for an explanation on how
subjectAltName or otherName is set. in openssl.cnf
(for krbtgt/REALMNAME at REALMNAME )
thanks in avvance
sincerely
luxInteg
More information about the Kerberos
mailing list