[33220] in Kerberos
Re: using '@' character in principals
daemon@ATHENA.MIT.EDU (Stephen Ingram)
Fri Feb 18 22:06:53 2011
MIME-Version: 1.0
In-Reply-To: <1298065032.5931.176.camel@t410>
Date: Fri, 18 Feb 2011 19:06:44 -0800
Message-ID: <AANLkTik8r0VS0nSMojBYi2rQm3PFfO=HzhNWUHbfhZwg@mail.gmail.com>
From: Stephen Ingram <sbingram@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Fri, Feb 18, 2011 at 1:37 PM, Greg Hudson <ghudson@mit.edu> wrote:
> On Fri, 2011-02-18 at 16:20 -0500, Stephen Ingram wrote:
>> Is it possible to use an '@' character in a kerberos principal such
>> that the full principal would read something like
>> user@domain1.com@DOMAIN.COM? Note that domain1.com is in the
>> DOMAIN.COM realm. I've been able to successfully add a principal like
>> this by using a '\' before the '@'. However, kinit doesn't seem to
>> pass the information similarly such that I can obtain a tgt.
>
> It works for me. Are you sure that the shell isn't eating the \
> character before you pass it to kinit?
(Sorry-I just realized that reply doesn't go to the list)
Thank you. That's exactly what was happening. Using quotes solved the problem.
Obviously this is not going to be a great solution for users to have
to remember to use quotes and backslash characters to obtain their
tgt. I'm guessing that this is why no one seems to use principals like
these except maybe those who can take care of this through a Web
browser interface or such?
Steve
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
