[krbdev.mit.edu #7646] PAC checksum verification failed with enterprise principals
Sumit Bose via RT
rt-comment at krbdev.mit.edu
Tue May 28 11:59:07 EDT 2013
On Mon, May 27, 2013 at 12:56:50PM -0400, Greg Hudson via RT wrote:
> I guess we'd want to parse with KRB5_PRINCIPAL_PARSE_ENTERPRISE |
> KRB5_PRINCIPAL_PARSE_IGNORE_REALM.
>
> The presence of an enterprise principal in the ticket is just as
> confusing to me as its presence in the PAC. But if these are being
> issued by a real AD server, I won't argue with experimental evidence.
Sorry, but I think I used enterprise principals wrong and there is no
issue at all. I was under the assumption that the canonicalize flag is
automatically set when enterprise principals are use but this is
obviously not the case. If set everything is working as expected.
I think the ticket can be closed.
More information about the krb5-bugs
mailing list