Am I understanding correctly that I should be able to put several krbPrincipalNames under one dn, set the krbCanonicalName, and the KDC should return the krbCanonicalName or alias (not sure which) for any of the listed krbPrincipalNames?
This is how I am trying to use this, and it doesn't seem to be working. I can use the same queries I see going to the LDAP server manually as the KDC user, and they return the correct record, but the KDC always says it cannot find the service principal if I use an alias. I see a spot in the code that will set the principal name if it sees both krbcanonicalname and the KRB5_KDB_FLAG_CANONICALIZE flag. From what I think I read in the docs, this is supposed to be on for service principals by default.

Any help in understanding what I'm not understanding here would be appreciated.

Chris
