a question on Kerberos TGS name
Mantas Mikulėnas
grawity at gmail.com
Thu Feb 16 06:07:24 EST 2012
On 2012-02-16 12:07, luxInteg wrote:
> thanks
> Now the manpage for x509 has this excerpt (n setting subjectAltName
> in certificates
> ---------
> Examples:
> subjectAltName=email:copy,email:my at other.address,URI:http://my.url.here/
> subjectAltName=IP:192.168.7.1
> subjectAltName=IP:13::17
> subjectAltName=email:my at other.address,RID:1.2.3.4
> subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
> ------
> i.e. there are uRLs for email:, IP: and I think there is one for DNS:
> But with a label such as
> krbtgt/REALMNAME at REALMNAME
>
> I am unsure if the 5th line above applies { and/or how}. So I would be
> grateful for an explanation on how
> subjectAltName or otherName is set. in openssl.cnf
> (for krbtgt/REALMNAME at REALMNAME )
It's otherName, but far more complex, unfortunately. See this example,
both [kdc_cert] and [client_cert] sections:
<http://k5wiki.kerberos.org/wiki/Pkinit_configuration#Extensions_file>
--
Mantas Mikulėnas <grawity at gmail.com>
More information about the Kerberos
mailing list