a question on Kerberos TGS name

luxInteg lux-integ at btconnect.com
Thu Feb 16 05:07:44 EST 2012


On Thursday 16 February 2012 06:55:17 Greg Hudson wrote:
> On 02/15/2012 08:56 PM, luxInteg wrote:
> > My question is what is the "Kerberos TGS name"  for a kdc? Is it
> > krbtgt/REALNAME or krbtgt/fdqn at REALNAME  or some such?
> 
> It's krbtgt/REALMNAME at REALMNAME.


thanks 
Now the manpage for x509 has this excerpt (n setting subjectAltName
in certificates
---------
Examples: 
 subjectAltName=email:copy,email:my at other.address,URI:http://my.url.here/
 subjectAltName=IP:192.168.7.1
 subjectAltName=IP:13::17
 subjectAltName=email:my at other.address,RID:1.2.3.4
 subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
------
i.e. there are uRLs for email:,  IP: and I think there is one for DNS:
But with a label such as 
krbtgt/REALMNAME at REALMNAME

I am unsure if the 5th line above applies { and/or how}.  So  I would be 
grateful for an explanation on how
subjectAltName  or otherName   is set. in openssl.cnf
(for krbtgt/REALMNAME at REALMNAME )

thanks in avvance

sincerely
luxInteg


More information about the Kerberos mailing list