need to re-evaluate enumerating users

Andrew Bartlett abartlet at samba.org
Thu Nov 10 21:20:24 GMT 2005


On Thu, 2005-11-10 at 13:14 -0600, Gerald (Jerry) Carter wrote:

> For the principal names:
> 
> Scenario (a) uses OURDOMAIN at TRUSTED.REALM
> 
> Scenario (b) always uses RPC
> 
> Scenario (c) users the sAMAccountName at OUR.REALM for
> security = domain (the account created when we join the domain
> has no SPN).  Otherwise we use the host/global_myname()@OUR.REALM
> SPN.

I'm surprised by the use of the host/global_myname()@OUR.REALM bit,
because I thought that kinit only worked for samAccountName at OUR.REALM

Clearly I need to do more testing, because I had coded the Samba4 KDC up
with that assumption...

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051111/a70736af/attachment.bin


More information about the samba-technical mailing list