Thanks for clarifying. I got the following reply kinit(v5): Client not found in Kerberos database while getting initial credentials
The only real difference I could see in the AS REQ is that XP uses type 10 and kinit use type 1. Regards Markus "Jeffrey Hutzelman" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > > On Friday, October 13, 2006 07:45:17 PM +0100 Markus Moeller > <[EMAIL PROTECTED]> wrote: > >> I tried to use kinit [EMAIL PROTECTED]@DOMAIN.COM (\\ escapes @) >> with MIT against AD where the userprincipalname is set to the email >> address but failed, whereas I can login on XP using the email address. I >> found that MS uses a principal type 10 (= enterprise name). Is this >> anywhere defined in a standard or is this a MS extension ? > > The value is assigned in RFC4120 section 7.5.8, but without details as to > the expected name form. What you're seeing is the most common usage for > this name type. Note that Kerberos principal name types are advisory; > they > generally do not need to match. > > You only said "I tried... but failed." How did you fail? Were you unable > to type the backslash, or perhaps the at-sign? Or did kinit print some > error message you're not sharing with us? > > -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> > Sr. Research Systems Programmer > School of Computer Science - Research Computing Facility > Carnegie Mellon University - Pittsburgh, PA > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
