On Wed, 2015-02-18 at 04:50 +0000, Sreekanth Nadendla wrote: > > For #4, It is not clear what you mean by valid service principal. We > know the rules of constructing an SPN and anything that follows the > syntax is a valid one. The Active Directory finds a match to identify > the user/machine account given an SPN. As for restrictions on these > fields, section "3.1.1.5.1.3 Uniqueness Constraints" in MS-ADTS > answers it.
Specifically, why can I get a ticket to machine$@REALM but not administrator@REALM? It is more than the valid construction of the name - something in the database is different between these two similar cases. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
