[37053] in Kerberos
Re: A client name with an '@'
daemon@ATHENA.MIT.EDU (Rick van Rein)
Wed Jun 3 02:49:10 2015
Message-ID: <556EA34E.7010501@openfortress.nl>
Date: Wed, 03 Jun 2015 08:48:46 +0200
From: Rick van Rein <rick@openfortress.nl>
MIME-Version: 1.0
To: "Nordgren, Bryce L -FS" <bnordgren@fs.fed.us>
In-Reply-To: <82E7C9A01FD0764CACDD35D10F5DFB6E7E1194@001FSN2MPN1-046.001f.mgd2.msft.net>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
Nordgren, Bryce L -FS wrote:
>
> I could, but I'm not certain the MIT Kerberos KDC (to which kinit is
> connecting) knows how to canonicalize.
It does not. It will however handle usernames with an embedded @ as any
other, as you've already found.
> Boy if I could get user principal mapping going, that would be sweet.
Or you might retain the uppercase realm and try to cross-sign between
the uppercase and lowercase realms. Your (somewhat silly) clients logon
to the lowercase realm and gain access to the (less errorprone) uppercase
realm.
Cheers,
-Rick
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
