[29635] in Kerberos


Re: Alternative UPN on Windows

daemon@ATHENA.MIT.EDU (Markus Moeller)
Fri Apr 4 17:19:22 2008

Message-ID: <F3608BC92E5A41B2892DBF1D4DADC296@VAIOLaptop>
From: "Markus Moeller" <huaraz@moeller.plus.com>
To: "Sam Hartman" <hartmans@mit.edu>
In-Reply-To: <tsl8wztxuq3.fsf@mit.edu>
Date: Fri, 4 Apr 2008 22:18:26 +0100
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Sam,

I didn't need to patch the libraries at all.  Since I don't use client 
canonicalisation it just works and may have limited use.

markus@Opensuse:~/sources/krb5-1.6.1-compile/src/clients/kinit> ./kinit mm@test.home@WIN2003R2.HOME
Password for mm\@test.home@WIN2003R2.HOME:

markus@Opensuse:~/sources/krb5-1.6.1-compile/src/clients/kinit> klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: mm\@test.home@WIN2003R2.HOME

Valid starting     Expires            Service principal
04/04/08 22:06:41  04/05/08 08:06:26  krbtgt/WIN2003R2.HOME@WIN2003R2.HOME
        renew until 04/05/08 22:06:41, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached


I can even do an ssh to another box (using
auth_to_local = RULE:[1:$1@$0](mm@test.home@WIN2003R2\.HOME$)s/.*/markus/
for testing in krb5.conf)


markus@Opensuse:~/sources/krb5-1.6.1-compile/src/clients/kinit> ssh markus@opensolaris
Last login: Fri Apr  4 22:12:08 2008 from opensuse.suse.h
Sun Microsystems Inc.   SunOS 5.11      snv_70b October 2007
-bash-3.00$ exit
logout
Connection to opensolaris closed.
markus@Opensuse:~/sources/krb5-1.6.1-compile/src/clients/kinit> klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: mm\@test.home@WIN2003R2.HOME

Valid starting     Expires            Service principal
04/04/08 22:06:41  04/05/08 08:06:26  krbtgt/WIN2003R2.HOME@WIN2003R2.HOME
        renew until 04/05/08 22:06:41, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
04/04/08 22:07:34  04/05/08 08:06:26  krbtgt/SOLARIS.HOME@WIN2003R2.HOME
        renew until 04/05/08 22:06:41, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
04/04/08 22:08:30  04/05/08 08:06:26  host/opensolaris.solaris.home@SOLARIS.HOME
        renew until 04/05/08 22:06:41, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached

Regards
Markus


----- Original Message ----- 
From: "Sam Hartman" <hartmans@mit.edu>
To: "Markus Moeller" <huaraz@moeller.plus.com>
Cc: <kerberos@MIT.EDU>
Sent: Friday, April 04, 2008 8:53 PM
Subject: Re: Alternative UPN on Windows


> I really hope your kinit patch is not sufficient.  In particular, I'm
> surprised that you don't need a library patch as well to deal with the
> name coming back in a different form and to set the canonicalize flag.
>
> 


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
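
Added example (not part of the original message and not MIT krb5 code): a simplified Python model of how the auth_to_local rule quoted in the message maps the ticket's principal to a local user, and why its unescaped dots make the match looser than it looks. It assumes the rule's regexp must cover the whole selection string and uses Python's `re` in place of POSIX regexes; `LOOKALIKE` and `TIGHT_RULE` are constructed for illustration.

```python
import re

# RULE:[n:format](regexp)s/pattern/replacement/[g]  (regexp and s/// are optional)
RULE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?(?:s/([^/]*)/([^/]*)/(g?))?")

def parse_principal(name):
    """Split a displayed principal into (components, realm); '\\x' is a literal x."""
    comps, cur, in_realm, i = [], "", False, 0
    while i < len(name):
        c = name[i]
        if c == "\\" and i + 1 < len(name):
            cur += name[i + 1]          # escaped '@' or '/' stays in the component
            i += 2
            continue
        if not in_realm and c in "/@":  # unescaped separator ends a component
            comps.append(cur)
            cur, in_realm = "", (c == "@")
        else:
            cur += c
        i += 1
    return (comps, cur) if in_realm else (comps + [cur], "")

def apply_rule(rule, principal):
    """Return the mapped local name, or None when the rule does not apply."""
    n, fmt, regexp, pat, repl, g = RULE.fullmatch(rule).groups()
    comps, realm = parse_principal(principal)
    if len(comps) != int(n):            # rule is tied to a component count
        return None
    pick = lambda k: realm if k.group(1) == "0" else comps[int(k.group(1)) - 1]
    sel = re.sub(r"\$(\d)", pick, fmt)  # $0 = realm, $1.. = components
    if regexp is not None and not re.fullmatch(regexp, sel):  # assumption: whole-string match
        return None
    if pat is not None:                 # sed-style: first match only unless 'g'
        sel = re.sub(pat, lambda _: repl, sel, count=0 if g else 1)
    return sel

PRINCIPAL = r"mm\@test.home@WIN2003R2.HOME"   # as shown by klist in the message
PAGE_RULE = r"RULE:[1:$1@$0](mm@test.home@WIN2003R2\.HOME$)s/.*/markus/"
LOOKALIKE = r"mm\@testXhome@WIN2003R2.HOME"   # constructed: '.' in the regexp matches 'X'
TIGHT_RULE = r"RULE:[1:$1@$0](mm@test\.home@WIN2003R2\.HOME)s/.*/markus/"  # constructed

if __name__ == "__main__":
    for rule in (PAGE_RULE, TIGHT_RULE):
        for p in (PRINCIPAL, LOOKALIKE):
            print(f"{p:32} -> {apply_rule(rule, p)!r}  via {rule}")
```

Escaping every dot in the rule's regexp keeps the mapping to `markus` limited to the one intended enterprise name.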
