KDB and referrals/aliases

Greg Hudson ghudson at MIT.EDU
Wed Sep 2 16:22:40 EDT 2009

On Wed, 2009-09-02 at 15:12 -0400, Nicolas Williams wrote:
> I think it's a legitimate concern that kadmin clients be able to
> distinguish aliases from non-aliases.  Not that getprinc(alias) should
> fail, but that it should tell you its canonical name; listprincs should
> probably list only canonical names.

In that case, there is no problem:

kadmin.local:  getprinc user2
Principal: user@DIRECTORATE.ORG
Expiration date: [never]

"user2" is an alias name and "user" is the canonical name.  That's with
the LDAP back end hacked to return aliases (a la Luke's patch) but no
other changes.
