[37043] in Kerberos
Re: A client name with an '@'
daemon@ATHENA.MIT.EDU (Luke Howard)
Tue Jun 2 17:26:21 2015
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Luke Howard <lukeh@padl.com>
In-Reply-To: <82E7C9A01FD0764CACDD35D10F5DFB6E7DFD63@001FSN2MPN1-046.001f.mgd2.msft.net>
Date: Tue, 2 Jun 2015 23:25:24 +0200
Message-Id: <8419554E-50B0-4D5D-BC10-AD2105E1EA38@padl.com>
To: "Nordgren, Bryce L -FS" <bnordgren@fs.fed.us>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
You could try the -C and -E options to kinit:
-C canonicalize
-E client is enterprise principal name
— Luke
> On 2 Jun 2015, at 1:02 am, Nordgren, Bryce L -FS <bnordgren@fs.fed.us> wrote:
>
>> $ kinit '12001000550281\@fedidcard.gov@FEDIDCARD.GOV'
>
> Thanks! Making progress!
>
> It now prints a single backslash when describing the principal, both in errors emitted from kinit and the "listprincs" command in kadmin.local. However, I'm back to "client name mismatch" out of kinit, presumably because the MS User Principal Name in the certificate lacks the backslash.
>
> Bryce
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
www.lukehoward.com
soundcloud.com/lukehoward
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
