Hello,
I am trying to create an enterprise principal with kadmin.local; but I cannot
find what the proper procedure is.
What fails is naively doing
addprinc [email protected]@EXAMPLE.COM
I do succeed when I instead do
addprinc user\@[email protected]
I did find that the -E (MIT) or --enterprise (Heimdal) switch works to log in to a
principal [email protected]@EXAMPLE.COM; without the flag, I need to escape the
first @ with a backslash; the Ticket Viewer of Mac OS X also needs this
backslash. It’s almost as if that backslash is what makes up an enterprise
name.
But this leaves me a bit worried about the KRB5-NT-ENTERPRISE nametype — does
it apply to what I am doing? Does my approach create a correct enterprise
principal name, or am I so lucky to run into leniency by Kerberos?
Thanks,
-Rick
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
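
Added example, not part of the original post and not MIT or Heimdal code: a simplified Python model of principal-name string parsing, showing how the backslash-escaped spelling and the enterprise-flag spelling from the post both yield one name component but carry different name types. The function name parse_principal and the sample name user@corp.example are constructed for illustration; the name-type values are those of RFC 4120 (NT-PRINCIPAL, 1) and RFC 6806 (NT-ENTERPRISE, 10).

```python
# Simplified model of Kerberos principal-name parsing (assumption: this
# mirrors the documented escaping rules, it is not library source code).
KRB5_NT_PRINCIPAL = 1    # RFC 4120
KRB5_NT_ENTERPRISE = 10  # RFC 6806


def parse_principal(text, enterprise=False, default_realm="EXAMPLE.COM"):
    """Return (name_type, components, realm) for a principal string.

    A backslash makes the next character literal. An unescaped '/' splits
    components and an unescaped '@' starts the realm. With enterprise=True
    the first unescaped '@' stays in the name and '/' is not a separator.
    """
    components, current, realm = [], [], None
    first_at_kept = False
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\":                       # escape: take next char as-is
            if i + 1 == len(text):
                raise ValueError("trailing backslash")
            (current if realm is None else realm).append(text[i + 1])
            i += 2
            continue
        if realm is not None:
            if ch in "@/":
                raise ValueError("unescaped %r in realm" % ch)
            realm.append(ch)
        elif ch == "@":
            if enterprise and not first_at_kept:
                first_at_kept = True         # belongs to the enterprise name
                current.append(ch)
            else:
                realm = []                   # everything after is the realm
        elif ch == "/" and not enterprise:
            components.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    components.append("".join(current))
    name_type = KRB5_NT_ENTERPRISE if enterprise else KRB5_NT_PRINCIPAL
    realm_str = default_realm if realm is None else "".join(realm)
    return name_type, components, realm_str
```

In this model, the unescaped two-'@' spelling without the enterprise flag raises an error, matching the failure described in the post.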