On Thu, 2015-01-29 at 13:50 +1300, Andrew Bartlett wrote: > In MS-KILE, following on from 114121712176508 which is in a bit of a > dead end, I'm wondering about where the mapping between the values in > LDAP and the valid values for client and server principal names in > Kerberos is specified? > > We 'know' most of this - either a userPrincipalName or the > samAccountName @ REALM (or netbios domain) is a valid client principal, > and samAccountName @ REALM or servicePrinicpalName @ REALM is a valid > server principal, but I can't find where this is actually written down, > and I'm not entirely clear what exact restriction I should implement on > these mappings, if any. > > In particular, what specifically determines that a principal is a valid > Kerberos service principal?
G'Day, I don't have a record of this being assigned a case. Can someone at Microsoft please start looking into this, as it appears to be a gap in the documentation. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
