Hi all, I have an environment, where MIT Kerberos clients request TGT Tickets form MS Active Directory KDC. For preauthentication PA_ENC_TIMESTAMP is used. The user/principal name is case-sensitive, i.e. AD KDC does only provide a TGT, when the principal name used for constructing the ticket request on the client is case equal to the windows user account name configured in AD.
Windows clients (e.g., windows messenger) requesting a TGT for the same account are not restricted to case equal names. Is this due to the different used pre-authentication scheme (PA_PAC_TIMESTAMP)? Is there any way (configuring AD KDC or MIT-Kerberos client) that allows users on the MIT-Kerberos client to don't bother about case sensitivity of user/principal names when asked to provide their login name ? Thanks, Michael ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
