[36785] in Kerberos
Re: Populating krbPrincipalName multivalued (Was: Re: LDAP searches
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Feb 13 12:47:04 2015
Message-ID: <54DE3889.9030904@mit.edu>
Date: Fri, 13 Feb 2015 12:46:49 -0500
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Gergely Czuczy <gergely.czuczy@harmless.hu>, kerberos@mit.edu
In-Reply-To: <54DE2BE3.4010306@harmless.hu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 02/13/2015 11:52 AM, Gergely Czuczy wrote:
> So, this means, when adding an alias, addition work is not needed, just
> another value for krbPrincipalName?
> I had the impression that some additional stuff needs to be stored along
> with the alias, like, i don't know, keys, or whatever stuff. This part
> wasn't clear from the docs.
The point of an alias is that it refers to the same principal entry,
including keys.
You do need to add a krbCanonicalName attribute so that the KDC knows
which principal name is the canonical name.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
