[cifs-protocol] 115012912337526 Where is the link between Kerberos principals and servicePrincipalName/userPrincipalName specified?
Andrew Bartlett
abartlet at samba.org
Wed Feb 18 14:08:06 MST 2015
On Wed, 2015-02-18 at 20:57 +0000, Sreekanth Nadendla wrote:
> > Specifically, why can I get a ticket to machine$@REALM but not administrator at REALM?
>
> Andrew, I am able to get ticket for administrator at REALM. See below.
By 'to' I mean both:
- as the service principal in the AS-REQ. Typically this is krbtgt/ so
you can get a ticket granting ticket, but you can actually ask for a
ticket to any valid service. kpasswd is a good example
- as the service principal in the TGS-REQ.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list