[37034] in Kerberos


A client name with an '@'

daemon@ATHENA.MIT.EDU (Nordgren, Bryce L -FS)
Mon Jun 1 18:05:11 2015

From: "Nordgren, Bryce L -FS" <bnordgren@fs.fed.us>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Mon, 1 Jun 2015 22:04:46 +0000
Message-ID: <82E7C9A01FD0764CACDD35D10F5DFB6E7DFCFD@001FSN2MPN1-046.001f.mgd2.msft.net>

Hi,

I'm trying to set up the MIT Kerberos server (1.12.2 / Fedora 21) to PKINIT from my organization's smart cards.

They have a MS user principal name of the form: 12001000550281@fedidcard.gov

I tried creating a realm "FEDIDCARD.GOV" with a user principal 12001000550281. This resulted in a client name mismatch when trying to kinit to 12001000550281@FEDIDCARD.GOV.

I then tried creating a "12001000550281@fedidcard.gov" principal in my realm. Unfortunately, I cannot kinit using the principal "12001000550281@fedidcard.gov@FEDIDCARD.GOV". kinit gives a "Malformed representation of principal when parsing name..." error.

Is there a solution to this? Some special syntax that tells the command line tools to ignore '@' signs in a client principal name? Or am I thinking wrong: Does kinit parse the user principal name into client and realm? Should I rename my realm to lowercase fedidcard.gov?

Thanks,
Bryce