A client name with an '@'
Rick van Rein
rick at openfortress.nl
Wed Jun 3 02:48:46 EDT 2015
Hi,
Nordgren, Bryce L -FS wrote:
>
> I could, but I'm not certain the MIT Kerberos KDC (to which kinit is
> connecting) knows how to canonicalize.
It does not. It will however handle usernames with an embedded @ as any
other, as you've already found.
> Boy if I could get user principal mapping going, that would be sweet.
Or you might retain the uppercase realm and try to cross-sign between
the uppercase and lowercase realms. Your (somewhat silly) clients logon
to the lowercase realm and gain access to the (less errorprone) uppercase
realm.
Cheers,
-Rick
More information about the Kerberos
mailing list