If you use an LDAP backend to store the Kerberos attributes, is it then easier to use a '@' in user part of the principal? I'm particularly interested in being able to do this without having to escape the '@'.
Steve On Fri, Feb 18, 2011 at 2:44 PM, Stephen Ingram <[email protected]> wrote: > Greg- > > On Fri, Feb 18, 2011 at 1:37 PM, Greg Hudson <[email protected]> wrote: >> On Fri, 2011-02-18 at 16:20 -0500, Stephen Ingram wrote: >>> Is it possible to use an '@' character in a kerberos principal such >>> that the full principal would read something like >>> [email protected]@DOMAIN.COM? Note that domain1.com is in the >>> DOMAIN.COM realm. I've been able to successfully add a principal like >>> this by using a '\' before the '@'. However, kinit doesn't seem to >>> pass the information similarly such that I can obtain a tgt. >> >> It works for me. Are you sure that the shell isn't eating the \ >> character before you pass it to kinit? > > Thank you. That's exactly what was happening. Using quotes solved the problem. > > Obviously this is not going to be a great solution for users to have > to remember to use quotes and backslash characters to obtain their > tgt. I'm guessing that this is why no one seems to use principals like > these except maybe those who can take care of this through a Web > browser interface or such? > > Steve > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
