canonicalize, as_req, pa_svr_referral, pa_server_referral
Luke Howard
lukeh at padl.com
Thu Dec 18 18:00:36 EST 2008
> Can you describe in more detail the netbios realm name situation?
Assuming the NetBIOS name MSAD for the realm MS.COM. A non-UPN logon
to AD will send an AS-REQ for krbtgt/MSAD@ MSAD.
If the canonicalize flag is unset, the reply server will be krbtgt/MSAD at MS.COM
. If the canonicalize flag is set, the reply server will be krbtgt/MS.COM at MS.COM
.
The client realm in the reply is also always canonicalized (something
which I didn't realise until just now).
-- Luke
More information about the krbdev
mailing list