Use of NT-ENTERPRISE name type via GSS-API
Greg Hudson
ghudson at MIT.EDU
Thu Jul 3 14:38:18 EDT 2014

On 07/02/2014 05:36 AM, Alan Braggins wrote:
> I'm using Kerberos constrained delegation (s4u2proxy)
> for a proxy server that is authenticating clients to a
> Microsoft Active Domain server.

Can you explain more about what you're doing? I'm not immediately sure
why you would need to import a UPN in order to do s4u2proxy.

My understanding is that UPNs are used (1) during AS-requests, and (2)
to identify the server when doing cross-realm S4U2Self (which we should
do internally, but currently don't; that's issue #7790). I'm not sure
where they would be involved for S4U2Proxy.