"Michael B Allen" <[EMAIL PROTECTED]> writes: > Active Directory does not use the userPrincipalName attribute to do > Kerberos authentication. It uses [EMAIL PROTECTED]
I just tested against our Active Directory with an account that had both userPrincipalName and sAMAccountName set to different values and was able to authenticate using either of the two names via kinit from a Debian system. Either returned valid tickets for the principal name that I used, and both had the same password and hence were using the same Active Directory record. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
