AW: Anyone has an apache running with mod_auth_kerb AND mod_auth_ldap?
Markus Moeller
huaraz at moeller.plus.com
Fri Oct 13 15:22:02 EDT 2006
Thanks for clarifying. I got the following reply:
kinit(v5): Client not found in Kerberos database while getting initial credentials
The only real difference I could see in the AS REQ is that XP uses type 10
and kinit uses type 1.
Regards
Markus
"Jeffrey Hutzelman" <jhutz at cmu.edu> wrote in message
news:AE1D56BEA05AA8A328BF3929 at sirius.fac.cs.cmu.edu...
>
>
> On Friday, October 13, 2006 07:45:17 PM +0100 Markus Moeller
> <huaraz at moeller.plus.com> wrote:
>
>> I tried to use kinit user\\@mailaddress.com at DOMAIN.COM (\\ escapes @)
>> with MIT against AD where the userprincipalname is set to the email
>> address but failed, whereas I can login on XP using the email address. I
>> found that MS uses a principal type 10 (= enterprise name). Is this
>> anywhere defined in a standard or is this a MS extension ?
>
> The value is assigned in RFC4120 section 7.5.8, but without details as to
> the expected name form. What you're seeing is the most common usage for
> this name type. Note that Kerberos principal name types are advisory;
> they generally do not need to match.
>
> You only said "I tried... but failed." How did you fail? Were you unable
> to type the backslash, or perhaps the at-sign? Or did kinit print some
> error message you're not sharing with us?
>
> -- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
> Sr. Research Systems Programmer
> School of Computer Science - Research Computing Facility
> Carnegie Mellon University - Pittsburgh, PA
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman-mit-edu.ezproxyberklee.flo.org/mailman/listinfo/kerberos
>
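
Added example, not part of the original thread: a Python sketch that parses the escaped principal string from the message above and DER-encodes the resulting PrincipalName once with name-type 1 and once with name-type 10, to show how the two `cname` fields compare. The helper names are hypothetical, the parser is a simplified version of the backslash-quoting rule, and it assumes both clients send the e-mail address as a single name component, in line with the observation that the type was the only real difference.

```python
# Added illustration (not from the thread); helper names are hypothetical.
NT_PRINCIPAL, NT_ENTERPRISE = 1, 10   # name-type values mentioned in the thread

def parse_principal(text):
    """Simplified split of 'comp/comp@REALM'; a backslash quotes the next char."""
    comps, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):    # quoted character, kept literally
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == "@":                            # first unquoted '@' starts the realm
            return comps + ["".join(cur)], text[i + 1:]
        if ch == "/":                            # unquoted '/' ends a component
            comps.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return comps + ["".join(cur)], None

def tlv(tag, body):
    """DER tag-length-value with short or long form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def principal_name_der(name_type, components):
    """SEQUENCE { name-type [0] Int32, name-string [1] SEQUENCE OF KerberosString }"""
    # Non-negative name types only; this yields the minimal INTEGER encoding.
    integer = tlv(0x02, name_type.to_bytes(name_type.bit_length() // 8 + 1, "big", signed=True))
    strings = b"".join(tlv(0x1B, c.encode("ascii")) for c in components)  # GeneralString
    return tlv(0x30, tlv(0xA0, integer) + tlv(0xA1, tlv(0x30, strings)))

def differing_offsets(a, b):
    """Byte offsets at which two equal-length encodings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

if __name__ == "__main__":
    # Principal string from the thread, as the library sees it after shell unescaping.
    comps, realm = parse_principal(r"user\@mailaddress.com@DOMAIN.COM")
    as_kinit = principal_name_der(NT_PRINCIPAL, comps)
    as_xp = principal_name_der(NT_ENTERPRISE, comps)
    print(comps, realm)
    print("type 1 cname: ", as_kinit.hex())
    print("type 10 cname:", as_xp.hex())
    print("offsets that differ:", differing_offsets(as_kinit, as_xp))
```

With the same single component in both, the two encodings differ in exactly one byte, the INTEGER holding the name-type.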