[37059] in Kerberos
RE: A client name with an '@'
daemon@ATHENA.MIT.EDU (Nordgren, Bryce L -FS)
Wed Jun 3 12:29:40 2015
From: "Nordgren, Bryce L -FS" <bnordgren@fs.fed.us>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>,
"kerberos@mit.edu"
<kerberos@mit.edu>
Date: Wed, 3 Jun 2015 16:29:19 +0000
Message-ID: <82E7C9A01FD0764CACDD35D10F5DFB6E7E1396@001FSN2MPN1-046.001f.mgd2.msft.net>
In-Reply-To: <201506031520.t53FKvh1022921@hedwig.cmf.nrl.navy.mil>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> Also, the venerably Russ Allberry created a lowercase realm for Stanford, and
> repeatedly has said that if he had to do it all over again he wouldn't have
> done a lowercase realm; too much software assumes an uppercase realm.
> Maybe that has changed in the intervening years.
Kind of moot. These smart cards are issued from GSA credentialing centers for USDA and certificate production is outside my sphere of influence. The really odd part is that the lowercase realm is encoded into the certificate, but the realm in Active Directory is uppercase. I don't know if this is some kind of oversight, some kind of requirement to make Active Directory canonicalize correctly, or if they're intentionally making it hard to use.
Thanks for all your help!
Bryce
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
