[29627] in Kerberos


Alternative UPN on Windows

daemon@ATHENA.MIT.EDU (Speedo)
Thu Apr 3 14:50:21 2008

From: Speedo <speedogoo@gmail.com>
Date: Wed, 2 Apr 2008 22:43:33 -0700 (PDT)
Message-ID: <7e585f66-d89c-409d-a55d-0fbe23268c1d@s37g2000prg.googlegroups.com>
To: kerberos@mit.edu

Hi All

On Windows, there's something called an alternative UPN, which lets you
create user@this.realm in that.realm. Here's a very nice explanation:
http://www.netometer.com/video/tutorials/upn/step1/step1.html

I've looked at the packets, and it works like this:

Suppose in realm REAL.COM there's a user x which also has an
alternative UPN called y@fake.com. If the user logs on with x, the
principal name sent in AS-REQ is (x, NT-PRINCIPAL). If the user logs on
with y@fake.com, it's (y@fake.com, NT-ENTERPRISE). In both cases, the
server replies with a TGT successfully.

My question is: Is there any third-party software supporting this
feature?

1. For kinit, how do I specify the name type?
2. Using GSS, how do I create a GSS name?

Thanks
Speedo
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
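
The two AS-REQ client names described in the message above, as an added example that is not part of the original post: it DER-encodes and decodes the RFC 4120 PrincipalName for each logon form, showing that the enterprise form carries the whole UPN as a single name-string component. The helper names are hypothetical, and the "contains @" rule is an assumption modelled on the two cases in the post; the name-type values 1 and 10 are from RFC 4120 section 6.2.

```python
# Added illustration; helper names are hypothetical, not from a Kerberos library.
NT_PRINCIPAL = 1     # KRB_NT_PRINCIPAL, RFC 4120 section 6.2
NT_ENTERPRISE = 10   # KRB_NT_ENTERPRISE, RFC 4120 section 6.2

def _tlv(tag, body):
    """DER tag-length-value, short or long form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def _read(buf, pos):
    """Return (tag, body, next_pos) for the TLV starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def cname_for_login(login):
    """Assumed rule: a login containing '@' is sent whole as NT-ENTERPRISE."""
    if "@" in login:
        return NT_ENTERPRISE, [login]      # one component, '@' included
    return NT_PRINCIPAL, login.split("/")  # realm travels in a separate field

def encode_principal_name(name_type, components):
    """PrincipalName ::= SEQUENCE { name-type [0], name-string [1] }."""
    itype = _tlv(0x02, name_type.to_bytes(name_type.bit_length() // 8 + 1, "big"))
    strings = b"".join(_tlv(0x1B, c.encode("ascii")) for c in components)
    return _tlv(0x30, _tlv(0xA0, itype) + _tlv(0xA1, _tlv(0x30, strings)))

def decode_principal_name(der):
    """Inverse of encode_principal_name: returns (name_type, components)."""
    _, seq, _ = _read(der, 0)
    _, t0, nxt = _read(seq, 0)
    _, ival, _ = _read(t0, 0)
    _, t1, _ = _read(seq, nxt)
    _, strs, _ = _read(t1, 0)
    comps, pos = [], 0
    while pos < len(strs):
        _, s, pos = _read(strs, pos)
        comps.append(s.decode("ascii"))
    return int.from_bytes(ival, "big"), comps

if __name__ == "__main__":
    for login in ("x", "y@fake.com"):  # the two logons from the post
        print(login, encode_principal_name(*cname_for_login(login)).hex())
```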
