[Fwd: Re: [PATCH] keytab management for ADS mode.]
Jim McDonough
jmcd at us.ibm.com
Sun Feb 1 13:35:32 GMT 2004
Luke Howard wrote:
> >Cool ! Thanks - that looks like it - you can't kinit for the fqdn
> >host and cifs principals, but you can get them with kvno. Thanks
> >for the help, I'll store that away for future testing.... :-).
>
> Actually, you may be able to kinit for the "fqdn" principals if
> you modify kinit to set the name canonicalize bit in the AS-REQ.
My experience was that kinit, or rather the krb5 client libs, don't like
when tickets come back for a different principal that they were requested
for...so the 2k KDC was sending them back OK, but kinit barfed. Does this
bit make them come back in the same format(seems like it would do the
opposite)?
----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA
jmcd at us.ibm.com
jmcd at samba.org
Phone: (207) 885-5565
IBM tie-line: 776-9984
More information about the samba-technical
mailing list