Creating enterprise principals with kadmin
Brandon Allbery
ballbery at sinenomine.net
Sat Sep 13 13:33:41 EDT 2014
On Sat, 2014-09-13 at 18:52 +0200, Rick van Rein wrote:
> I did find that the -E (MIT) or —enterprise (Heimdal) switch work to
> login to a principal user at example.com@EXAMPLE.COM; without the flag, I
> need to escape the first @ with a backslash; the Ticket Viewer of Mac
> OS X also needs this backslash. It’s almost as if that backslash is
> what makes up an enterprise name.
It's more correct to say that something needs to tell it that the first
@ doesn't indicate the realm, and backslash is the usual "escape
character" to avoid special handling of characters. Presumably using the
enterprise flag also tells it to expect two @s and treat the second as
the realm.
--
brandon s allbery kf8nh sine nomine associates
allbery.b at gmail.com ballbery at sinenomine.net
unix openafs kerberos infrastructure xmonad http://sinenomine.net
More information about the Kerberos
mailing list