Constructing User DN using principal name

Russ Allbery rra at stanford.edu
Mon Apr 15 21:54:05 EDT 2013


diptivs at gmail.com writes:

> The support is mainly for active directory and MIT KDC.

> I was looking for some Kerberos API which can get me the domain name
> with realm-domainName mapping. Actually DomainName is required at
> Authorization directory to construct a search filter and it is not
> recommended to do a bind from this server with AD/MIT_KDC just to
> retrieve domain name.

> Please let me know if you have any more suggestions. Thanks.

Kerberos configuration only maps domains to realms.  The mapping isn't
reversible, in part because it's many to one (multiple domains can be and
often are mapped to the same realm).

I may be missing something here, but this seems like very site-specific
information.  Can't you just require local configuration to map Kerberos
realms to local domains?  In most cases, there will probably be only one
local domain.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
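
An added illustration of the reply above, not code from the thread or from any Kerberos distribution: it parses a constructed [domain_realm] section, shows that inverting it gives several candidate domains for one realm, and then uses an explicit site-local realm table to build the LDAP search base and filter. LOCAL_REALM_MAP, the uid attribute and all sample names are assumptions.

```python
# Constructed sample krb5.conf fragment (not from the original thread).
KRB5_CONF = """
[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
    .eng.example.org = EXAMPLE.COM
    .corp.example.net = CORP.EXAMPLE.NET
"""

# Hypothetical site-local configuration: realm -> base DN of the one
# directory domain that holds that realm's users.
LOCAL_REALM_MAP = {
    "EXAMPLE.COM": "dc=example,dc=com",
    "CORP.EXAMPLE.NET": "dc=corp,dc=example,dc=net",
}

def parse_domain_realm(text):
    """Return {domain: realm} from the [domain_realm] section of krb5.conf text."""
    mapping, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_section = line == "[domain_realm]"
        elif in_section and "=" in line:
            domain, realm = (p.strip() for p in line.split("=", 1))
            mapping[domain.lower()] = realm
    return mapping

def domains_for_realm(mapping):
    """Invert the mapping; a realm can come back with several domains."""
    inverse = {}
    for domain, realm in mapping.items():
        inverse.setdefault(realm, []).append(domain)
    return inverse

def escape_filter(value):
    """Escape RFC 4515 special characters so the name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def search_params(principal, realm_map=LOCAL_REALM_MAP, attr="uid"):
    """Return (base_dn, filter) for user@REALM; fail closed on anything else."""
    user, sep, realm = principal.rpartition("@")
    if not sep or not user or "/" in user:
        raise ValueError("expected a single-component principal user@REALM")
    if realm not in realm_map:
        raise LookupError("no local domain configured for realm %s" % realm)
    return realm_map[realm], "(%s=%s)" % (attr, escape_filter(user))
```

The inverse of the sample section lists three domains for EXAMPLE.COM, which is why the realm-to-domain choice has to come from local configuration rather than from krb5.conf.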

