need to re-evaluate enumerating users
Andrew Bartlett
abartlet at samba.org
Thu Nov 10 21:20:24 GMT 2005
On Thu, 2005-11-10 at 13:14 -0600, Gerald (Jerry) Carter wrote:
> For the principal names:
>
> Scenario (a) uses OURDOMAIN at TRUSTED.REALM
>
> Scenario (b) always uses RPC
>
> Scenario (c) users the sAMAccountName at OUR.REALM for
> security = domain (the account created when we join the domain
> has no SPN). Otherwise we use the host/global_myname()@OUR.REALM
> SPN.
I'm surprised by the use of the host/global_myname()@OUR.REALM bit,
because I thought that kinit only worked for samAccountName at OUR.REALM
Clearly I need to do more testing, because I had coded the Samba4 KDC up
with that assumption...
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051111/a70736af/attachment.bin
More information about the samba-technical
mailing list