The case SR 115012912337526 was created. Our colleague Sree , copied, is assigned to it.
Bryan -----Original Message----- From: Andrew Bartlett [mailto:[email protected]] Sent: Monday, February 9, 2015 10:55 PM To: Interoperability Documentation Help Cc: [email protected] Subject: Re: [cifs-protocol] Where is the link between Kerberos principals and servicePrincipalName/userPrincipalName specified? On Thu, 2015-01-29 at 13:50 +1300, Andrew Bartlett wrote: > In MS-KILE, following on from 114121712176508 which is in a bit of a > dead end, I'm wondering about where the mapping between the values in > LDAP and the valid values for client and server principal names in > Kerberos is specified? > > We 'know' most of this - either a userPrincipalName or the > samAccountName @ REALM (or netbios domain) is a valid client > principal, and samAccountName @ REALM or servicePrinicpalName @ REALM > is a valid server principal, but I can't find where this is actually > written down, and I'm not entirely clear what exact restriction I > should implement on these mappings, if any. > > In particular, what specifically determines that a principal is a > valid Kerberos service principal? G'Day, I don't have a record of this being assigned a case. Can someone at Microsoft please start looking into this, as it appears to be a gap in the documentation. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
