Hello everybody! Is there any way to configure an MIT Kerberos client to get tickets based on an alternative UPN?
In my case, I have 10 MS AD-DS child domains and a root domain with an alternate UPN configured (which can be used for all child domains during the user creation action), that matches the UPN values written in the user's (we have 55k users) smartcard/token. If I try to get a ticket using the realm/DNS domain name, like AD1.ENTERPRISE.COM or AD2.ENTERPRISE.COM, it functions properly, but in my case, the alternate UPN is CORPORATE.COM and, of course, a realm called CORPORATE.COM doesn't really exist.

I've made the following tests:

kinit [email protected] --> OK, it works, klist shows the ticket!
kinit [email protected] --> OK, it works, klist shows the ticket!
kinit [email protected] --> Error: Realm not local to KDC while getting initial credentials.

Relevant portion of krb5.conf used for this example: http://dpaste.com/hold/1069113/

Thank you in advance!

Gabriel Abdalla Cavalcante

PS: Additional info that can be useful: http://technet.microsoft.com/en-us/library/cc772007.aspx
