[36464] in Kerberos
Re: Creating enterprise principals with kadmin
daemon@ATHENA.MIT.EDU (Brandon Allbery)
Sat Sep 13 13:33:52 2014
From: Brandon Allbery <ballbery@sinenomine.net>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Sat, 13 Sep 2014 17:33:41 +0000
Message-ID: <1410629621.9307.10.camel@vikktakkht.kf8nh.com>
In-Reply-To: <38B36826-5C1B-477C-825F-39DE83478D77@openfortress.nl>
Content-Language: en-US
Content-ID: <C1526E50959DD340A5F129C189608E2B@mex05.mlsrvr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Sat, 2014-09-13 at 18:52 +0200, Rick van Rein wrote:
> I did find that the -E (MIT) or —enterprise (Heimdal) switch work to
> login to a principal user@example.com@EXAMPLE.COM; without the flag, I
> need to escape the first @ with a backslash; the Ticket Viewer of Mac
> OS X also needs this backslash. It’s almost as if that backslash is
> what makes up an enterprise name.
It's more correct to say that something needs to tell it that the first
@ doesn't indicate the realm, and backslash is the usual "escape
character" to avoid special handling of characters. Presumably using the
enterprise flag also tells it to expect two @s and treat the second as
the realm.
--
brandon s allbery kf8nh sine nomine associates
allbery.b@gmail.com ballbery@sinenomine.net
unix openafs kerberos infrastructure xmonad http://sinenomine.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
