> The reason is that rpcidmapd does not parse fully-qualified usernames
> so "adt...@ad.example.org@IPA.EXAMPLE.ORG" does not work.

If someone can educate me as to why there are two @ signs in the above, I can 
fix the wiki page 
(http://www.freeipa.org/page/Collaboration_with_Kerberos#Mechanism_1:_Kerberos_cross-realm_trusts)

I know about individual cross-realm principals,

adtest/ad.example....@ipa.example.org

And I know about cross-realm trust principals:

krbtgt/ad.example....@ipa.example.org

But I was under the impression that if a user traversed a trust, their client 
principal name would still be adt...@ad.example.org . I am not aware of any 
circumstances which would produce a client principal with two "@" signs in it. 
Pls fix my ignorance.

Thanks,
Bryce



