Hi Alan,
On Thu, Oct 6, 2016 at 9:29 PM, Alan Braggins wrote:
> I do have a patch that adds gss_nt_krb5_name_enterprise as a
> recognised OID (szOID_NT_PRINCIPAL_NAME 1.3.6.1.4.1.311.20.2.3),
> and replaces a call to krb5_parse_name with krb5_parse_name_flags
> with
Apparently I also have a broken mail that truncated most of that message.
I'll see if I can recover it.
From: Alan Braggins
Sent: 06 October 2016 19:45
To: Greg Hudson; Isaac Boukris; kerberos
Subject: Re: Using enterprise principal name in GSS-API
On 23
On 23/09/16 15:50, Greg Hudson wrote:
> On 09/23/2016 03:52 AM, Isaac Boukris wrote:
>> Maybe we need a new gss name type oid like GSS_NT_ENTERPRISE_NAME,
>> though I guess it's more complicated than it sounds :)
>
> I think that might be reasonable for this use case. I've seen requests
> to be
On 23/09/16 15:50, Greg Hudson wrote:
> On 09/23/2016 03:52 AM, Isaac Boukris wrote:
>> Maybe we need a new gss name type oid like GSS_NT_ENTERPRISE_NAME,
>> though I guess it's more complicated than it sounds :)
>
> I think that might be reasonable for this use case. I've seen requests
> to be
On Mon, Sep 26, 2016 at 7:09 PM, Greg Hudson wrote:
> On 09/25/2016 04:32 PM, Isaac Boukris wrote:
>> In such a case (no canonicalization), if the user is found, the KDC
>> returns AS reply with the exact name and name-type (enterprise) as
>> requested.
>
> Interesting. That's
On Mon, Sep 26, 2016 at 7:09 PM, Greg Hudson wrote:
> On 09/25/2016 04:32 PM, Isaac Boukris wrote:
>> The more a look at the code and on wire traffic, I think
>> enterprise-name and canonicalization are different things (although
>> related).
>> Here is what my tests against AD
On 09/25/2016 04:32 PM, Isaac Boukris wrote:
> The more a look at the code and on wire traffic, I think
> enterprise-name and canonicalization are different things (although
> related).
> Here is what my tests against AD (w2k3) seem to show so far.
>
> First, the 'kinit' man page says -E implies
Hi Greg,
On Fri, Sep 23, 2016 at 5:50 PM, Greg Hudson wrote:
> On 09/23/2016 03:52 AM, Isaac Boukris wrote:
>> Maybe we need a new gss name type oid like GSS_NT_ENTERPRISE_NAME,
>> though I guess it's more complicated than it sounds :)
>
> I think that might be reasonable for
On 09/23/2016 03:52 AM, Isaac Boukris wrote:
> Maybe we need a new gss name type oid like GSS_NT_ENTERPRISE_NAME,
> though I guess it's more complicated than it sounds :)
I think that might be reasonable for this use case. I've seen requests
to be able to import enterprise principal names
Hi again,
On Wed, Sep 21, 2016 at 12:07 AM, Isaac Boukris wrote:
> Hi all,
>
> Is there a way to support name canonicalization (like kinit -E) when
> acquiring creds via gss_acquire_cred_with_password() and
> gss_acquire_cred_impersonate_name() ?
>
> The use case is to use
Hi all,
Is there a way to support name canonicalization (like kinit -E) when
acquiring creds via gss_acquire_cred_with_password() and
gss_acquire_cred_impersonate_name() ?
The use case is to use userPrincipalName for client name against AD.
Thanks!
11 matches
Mail list logo