Populating krbPrincipalName multivalued (Was: Re: LDAP searches for Kerberos entries)

Greg Hudson ghudson at mit.edu
Fri Feb 13 12:46:49 EST 2015


On 02/13/2015 11:52 AM, Gergely Czuczy wrote:
> So, this means, when adding an alias, additional work is not needed, just
> another value for krbPrincipalName?
> I had the impression that some additional stuff needs to be stored along
> with the alias, like, I don't know, keys, or whatever stuff. This part
> wasn't clear from the docs.

The point of an alias is that it refers to the same principal entry,
including keys.

You do need to add a krbCanonicalName attribute so that the KDC knows
which principal name is the canonical name.
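
The change described above, written as an LDIF modify record. This is an added example, not part of the original post; the DN, realm and principal names are constructed placeholders, and the container layout is an assumption about the directory.

```ldif
# Constructed example: DN, realm and principal names are placeholders.
# Adds an alias to an existing principal entry and records which name is
# canonical. The entry's keys are not touched: the alias refers to the same
# entry, so it shares them.
# "replace" is used for krbCanonicalName so the record applies whether or not
# the attribute is already present on the entry.
dn: krbPrincipalName=host/web1.example.com@EXAMPLE.COM,cn=EXAMPLE.COM,cn=krbContainer,dc=example,dc=com
changetype: modify
add: krbPrincipalName
krbPrincipalName: host/www.example.com@EXAMPLE.COM
-
replace: krbCanonicalName
krbCanonicalName: host/web1.example.com@EXAMPLE.COM
```

Because the alias shares the canonical principal's keys, write access to krbPrincipalName on these entries determines who can attach new names to existing keys, so it is worth restricting in the directory ACLs.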

