I tried to use kinit [EMAIL PROTECTED]@DOMAIN.COM (\\ escapes @) with MIT against AD where the userprincipalname is set to the email address but failed, whereas I can log in on XP using the email address. I found that MS uses a principal type 10 (= enterprise name). Is this anywhere defined in a standard or is this an MS extension?

Thanks
Markus

"Markus Moeller" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>I think the problem is that MIT and Heimdal don't allow a @ in the
>userprincipalname. If you capture the traffic from a XP machine to AD when
>you login with [EMAIL PROTECTED] you will see an AS request
>for [EMAIL PROTECTED]@KONZERN.INTERN
>
> Regards
> Markus
>
>
> "Michael B Allen" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> On Tue, 10 Oct 2006 08:40:55 +0200
>> "Djihangiroff, Matthias (KC-DD)" <[EMAIL PROTECTED]>
>> wrote:
>>
>>> But it doesn't work.
>>> If they type in their user PrincipalName, I get an entry in my error
>>> log. (Specified realm `persona.de' not allowed by configuration)
>> <snip>
>>> > > get a ticket for [EMAIL PROTECTED] But the realm
>>> > > persona.de doesn't exist (it's konzern.intern) :-)
>>
>> Ahh, I see. I can think of several possible solutions:
>>
>> 1) Hack mod_kerb_auth to "rewrite" the email address to their correct
>> userPrincipalName
>> 2) Instruct users to use their correct konzern.intern domain
>> 3) Rebuild your entire domain to use persona.de instead of konzern.inter
>> 4) Set up a KDC for persona.de with a trust to konzern.intern
>>
>> Note I know more about Negotiate auth than I do Kerberos in general so
>> hopefully someone will chime in if I'm wrong.
>>
>> --
>> Michael B Allen
>> PHP Active Directory SSO
>> http://www.ioplex.com/
>> ________________________________________________
>> Kerberos mailing list [email protected]
>> https://mailman.mit.edu/mailman/listinfo/kerberos
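
The difference between the escaped-@ principal tried in the post and the type 10 enterprise name seen on the wire, as an added example that is not part of the original thread and is not MIT, Heimdal or Microsoft code. It is a simplified model of principal-string parsing; `parse_principal`, the `alice` account and the `CORP.EXAMPLE` realm are constructed for illustration.

```python
# Name-type values as listed in RFC 4120, section 6.2.
NT_PRINCIPAL = 1    # ordinary user principal
NT_ENTERPRISE = 10  # enterprise name, the "type 10" from the post


def parse_principal(text, default_realm, enterprise=False):
    """Return (name_type, components, realm) for a principal string.

    A backslash escapes the next character. In normal mode '/' splits
    components and the first unescaped '@' starts the realm. In
    enterprise mode the name is a single component that keeps its first
    '@', '/' does not split, and only a second '@' starts the realm.
    """
    components, current = [], []
    realm = None      # becomes a list once the realm separator is seen
    kept_at = False   # enterprise mode: first '@' already kept in the name
    chars = iter(text)
    for ch in chars:
        if ch == "\\":
            ch = next(chars, None)
            if ch is None:
                raise ValueError("trailing backslash")
            (current if realm is None else realm).append(ch)
        elif realm is not None:
            if ch == "@":
                raise ValueError("unescaped '@' inside realm")
            realm.append(ch)
        elif ch == "@":
            if enterprise and not kept_at:
                kept_at = True
                current.append(ch)
            else:
                realm = []
        elif ch == "/" and not enterprise:
            components.append("".join(current))
            current = []
        else:
            current.append(ch)
    components.append("".join(current))
    name_type = NT_ENTERPRISE if enterprise else NT_PRINCIPAL
    return name_type, components, "".join(realm) if realm else default_realm


if __name__ == "__main__":
    # Constructed inputs: e-mail style name, escaped form, enterprise form.
    print(parse_principal("alice@example.com", "CORP.EXAMPLE"))
    print(parse_principal("alice\\@example.com@CORP.EXAMPLE", "CORP.EXAMPLE"))
    print(parse_principal("alice@example.com", "CORP.EXAMPLE", enterprise=True))
```

Escaping the @ yields the same name string as the enterprise form but still with name type 1, so the two requests differ only in the name-type field.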
