S4U2self and S4U2proxy don't honor Canonicalize option
Srinivas Cheruku
srinivas.cheruku at gmail.com
Tue Mar 24 05:44:35 EDT 2015

Hello,
 
I am sending S4U2self and S4U2proxy requests to MS AD (2003/2008/2012) and
found that the client name in these tickets is not canonicalized even though
the KDC option Canonicalize is set.
 
Any idea why MS AD is not canonicalizing the client name in these tickets? 
Is there any other option that needs to be set to get the canonicalized
client name in the S4U2self and S4U2proxy tickets? 
 
I found a Heimdal thread,
http://comments.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/6111
which also talks about this issue.
 
Thanks,
Srini

More information about the krbdev mailing list