[33219] in Kerberos
Re: using '@' character in principals
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Feb 18 16:37:26 2011
From: Greg Hudson <ghudson@mit.edu>
To: Stephen Ingram <sbingram@gmail.com>
In-Reply-To: <AANLkTik5E2UD10=gAWFvU-5F_3f_Ybu77PxE1QW3y5pc@mail.gmail.com>
Date: Fri, 18 Feb 2011 16:37:12 -0500
Message-ID: <1298065032.5931.176.camel@t410>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, 2011-02-18 at 16:20 -0500, Stephen Ingram wrote:
> Is it possible to use an '@' character in a kerberos principal such
> that the full principal would read something like
> user@domain1.com@DOMAIN.COM? Note that domain1.com is in the
> DOMAIN.COM realm. I've been able to successfully add a principal like
> this by using a '\' before the '@'. However, kinit doesn't seem to
> pass the information similarly such that I can obtain a tgt.
It works for me. Are you sure that the shell isn't eating the \
character before you pass it to kinit?
equal-rites$ kadmin.local
Authenticating as principal user/admin@KRBTEST.COM with password.
kadmin.local: addprinc a\@b
WARNING: no policy specified for a\@b@KRBTEST.COM; defaulting to no policy
Enter password for principal "a\@b@KRBTEST.COM":
Re-enter password for principal "a\@b@KRBTEST.COM":
Principal "a\@b@KRBTEST.COM" created.
equal-rites$ kinit 'a\@b'
Password for a\@b@KRBTEST.COM:
equal-rites$ kinit a\@b
kinit: Cannot find KDC for requested realm while getting initial credentials
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
