principal aliases?
Chris Hecker
checker at d6.com
Tue Nov 21 19:59:11 EST 2017
There is code that checks krbCanonicalName...hmm, it looks like maybe for
MIT krbPrincipalName can have multiple entries and that's how aliases are
done and krbPrincipalAliases is only on Heimdal...
Chris
On Tue, Nov 21, 2017 at 4:56 PM, Chris Hecker <checker at d6.com> wrote:
> No, I meant, how does the KDC actually query for them since it doesn't
> appear to be in the code anywhere I can find? I haven't set it up to test
> yet, but I'm trying to see how it could possibly work when it's not in the
> ldap queries...hopefully I'm missing something.
>
> Chris
>
>
> On Tue, Nov 21, 2017 at 4:53 PM, Benjamin Kaduk <kaduk at mit.edu> wrote:
>
>> On Tue, Nov 21, 2017 at 04:43:58PM -0800, Chris Hecker wrote:
>> > Oh, really? That's cool, I couldn't find krbPrincipalAliases (case
>> > insensitive) in the entire 1.15.2 source code except for the schema and
>> > ldif files...how does that work? I don't mind creating them myself, no
>> > problem.
>>
>> The only documentation I know of is at the end of
>> http://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_ldap.html .
>> There's probably other references in the list archives, though it's
>> unclear exactly how helpful they would be.
>>
>> -Ben
>>
>
>
More information about the krbdev
mailing list