Hello everybody! Is there any way to configure a GNU Shishi client to get tickets based on an alternative UPN?
In my case, I have 10 MS AD-DS child domains and a root domain with an alternate UPN configured (which can be used for all child domains during the user creation action) that matches the UPN values written in the users' (we have 55k users) smartcard/token.

If I try to get a ticket using the realm/DNS domain name, like AD1.ENTERPRISE.COM or AD2.ENTERPRISE.COM, it functions properly, but in my case the alternate UPN is CORPORATE.COM and, of course, a realm called CORPORATE.COM doesn't really exist.

I've made the following tests:

kinit us...@ad1.enterprise.com --> OK, it works, klist shows the ticket!
kinit user...@ad2.enterprise.com --> OK, it works, klist shows the ticket!
kinit us...@corporate.com --> Error: Realm not local to KDC while getting initial credentials.

Relevant portion of krb5.conf used for this example: http://dpaste.com/hold/1069113/

Thank you in advance!

Gabriel Abdalla Cavalcante

PS: Additional info that can be useful: http://technet.microsoft.com/en-us/library/cc772007.aspx
_______________________________________________
Help-shishi mailing list
Help-shishi@gnu.org
https://lists.gnu.org/mailman/listinfo/help-shishi