[36463] in Kerberos


Creating enterprise principals with kadmin

daemon@ATHENA.MIT.EDU (Rick van Rein)
Sat Sep 13 12:52:55 2014

From: Rick van Rein <rick@openfortress.nl>
Date: Sat, 13 Sep 2014 18:52:35 +0200
To: "<kerberos@mit.edu>" <Kerberos@mit.edu>
Message-Id: <38B36826-5C1B-477C-825F-39DE83478D77@openfortress.nl>

Hello,

I am trying to create an enterprise principal with kadmin.local; but I cannot find what the proper procedure is.

What fails is naively doing
	addprinc user@example.com@EXAMPLE.COM

I do succeed when I instead do
	addprinc user\@example.com@EXAMPLE.COM

I did find that the -E (MIT) or --enterprise (Heimdal) switches work to log in to a principal user@example.com@EXAMPLE.COM; without the flag, I need to escape the first @ with a backslash; the Ticket Viewer of Mac OS X also needs this backslash.  It’s almost as if that backslash is what makes up an enterprise name.

But this leaves me a bit worried about the KRB5-NT-ENTERPRISE nametype — does it apply to what I am doing?  Does my approach create a correct enterprise principal name, or am I so lucky to run into leniency by Kerberos?

Thanks,
 -Rick
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
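
Added illustration, not part of the original message and not code from MIT Kerberos or Heimdal: a simplified Python model of principal-string parsing, showing how the spellings in the message split into name components and realm, and which name type a parser attaches in normal versus enterprise mode. The function name, the default realm and the exact rejection rules are assumptions of this sketch.

```python
# Simplified model of Kerberos principal-string parsing; an illustration,
# not the MIT or Heimdal parser. Name-type numbers are from RFC 4120/6806.
NT_PRINCIPAL = 1     # KRB5-NT-PRINCIPAL
NT_ENTERPRISE = 10   # KRB5-NT-ENTERPRISE


def parse_principal(text, enterprise=False, default_realm="EXAMPLE.COM"):
    """Return (name_type, components, realm).
    Normal mode: unescaped '/' splits components, unescaped '@' starts the realm.
    Enterprise mode: the name is a single component; the first unescaped '@'
    stays inside it and only a second one starts the realm.
    """
    components, buf = [], []
    in_realm = kept_first_at = False
    chars = iter(text)
    for ch in chars:
        if ch == "\\":
            nxt = next(chars, None)
            if nxt is None:
                raise ValueError("trailing backslash")
            buf.append(nxt)                  # escaped character is literal
        elif in_realm:
            if ch in "@/":                   # this model rejects both in a realm
                raise ValueError("unescaped %r in realm" % ch)
            buf.append(ch)
        elif ch == "@" and enterprise and not kept_first_at:
            kept_first_at = True
            buf.append(ch)                   # part of the enterprise name
        elif ch == "@":
            components.append("".join(buf))  # close the last component
            buf, in_realm = [], True
        elif ch == "/" and not enterprise:
            components.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if in_realm:
        realm = "".join(buf)
    else:
        components.append("".join(buf))
        realm = default_realm                # assumed default for this sketch
    name_type = NT_ENTERPRISE if enterprise else NT_PRINCIPAL
    return name_type, components, realm


if __name__ == "__main__":
    # Spellings taken from the message (constructed calls, not kadmin output).
    print(parse_principal(r"user\@example.com@EXAMPLE.COM"))
    print(parse_principal("user@example.com@EXAMPLE.COM", enterprise=True))
```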