On Mon, Jun 9, 2008 at 5:12 PM, Céline AUSSOURD < [EMAIL PROTECTED]> wrote:
> Now, I can authenticate with a kerberos token. But I have still a problem : > the user which is authenticated is <sAMAccountName>@<MyRealm> instead of > <userPrincipalName>. Is this the result of the SPNEGO authentication module or is it due to the fact you are chaining this AuthN with the attribute resolver ? I think that the problem come from the users authentication in the domain > since I haven't a valid krbtgt. How is it possible ? Without any valid krbtgt, you are not able to get a kerberos Service Ticket. I guess you are using NTLM token here. I can create one using kinit but it seems that the browsers don't use it. Which browser ? You should activate IWA, add the site as a trusted site for IWA (intranet zone) ... > How is it possible that Kerberos isn't used by my domain controller ? How > can I fix it ? I didn't find helpful information about it. I know that there is GPO that can force users to use NTLM, but there is no way to force Kerberos. BTW, if you cannot get any valid krbtgt or st, there is also other known issues like time synchronization ... -- Arnaud Lesueur LinkedIn: http://www.linkedin.com/in/lesueur
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
