A client name with an '@'

Nico Williams nico at cryptonector.com
Wed Jun 3 12:42:03 EDT 2015


On Wed, Jun 03, 2015 at 04:29:19PM +0000, Nordgren, Bryce L -FS wrote:
> Kind of moot. These smart cards are issued from GSA credentialing
> centers for USDA and certificate production is outside my sphere of
> influence. The really odd part is that the lowercase realm is encoded
> into the certificate, but the realm in Active Directory is uppercase.
> I don't know if this is some kind of oversight, some kind of
> requirement to make Active Directory canonicalize correctly, or if
> they're intentionally making it hard to use.

AD matches realms case-insensitively (though case-preserving).


More information about the Kerberos mailing list