On Sat, Nov 21, 2009 at 5:44 AM, Luke Howard <[email protected]> wrote: >> Meaning if I have a realm EXAMPLE.LOCAL and an SMTP domain EXAMPLE.COM >> and userPrincipalName attributes on accounts in AD use the SMTP domain >> like [email protected] can initial credentials be acquired? >> >> If I try kinit I get: >> >> $ kinit -f [email protected] >> kinit(v5): Cannot resolve network address for KDC in realm >> EXAMPLE.COM while getting initial credentials > > kinit -E -f [email protected]@EXAMPLE.LOCAL > > NB: if this doesn't work in 1.7, try trunk, I think it may have been broken > in 1.7.
Hi Luke, I understand now. Unfortunately, in practice, I need much more than kinit. I'm integrated with an old version of Heidmal so it seems I'll need to work on moving to a newer Heimdal and possibly work on krb5/principal.c:build_principal et al if the latest Heimdal doesn't already have it. I also want to do this with Java but given the spotted history of Java's builtin Kerberos implementation I don't expect that to be tackled easily. I kinda wish I just had a really solid ASN.1 compiler and crypto lib for the various languages. Ho-hum. Thanks, Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
