need to re-evaluate enumerating users
Gerald (Jerry) Carter
jerry at samba.org
Thu Nov 10 21:34:37 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Bartlett wrote:
| On Thu, 2005-11-10 at 13:14 -0600, Gerald (Jerry) Carter wrote:
|
|> For the principal names:
|>
|> Scenario (a) uses OURDOMAIN at TRUSTED.REALM
|>
|> Scenario (b) always uses RPC
|>
|> Scenario (c) users the sAMAccountName at OUR.REALM for
|> security = domain (the account created when we join the domain
|> has no SPN). Otherwise we use the host/global_myname()@OUR.REALM
|> SPN.
|
| I'm surprised by the use of the host/global_myname()@OUR.REALM
| bit, because I thought that kinit only worked for
| samAccountName at OUR.REALM
|
| Clearly I need to do more testing, because I had coded the
| Samba4 KDC up with that assumption...
That part was already there. I didn't change that.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDc7ztIR7qMdg1EfYRAv0AAJ4i0zh3uCQlmDjSRnPEEoxF3L+GbwCff/nM
KtHM2wtZyRY67fYkNiJONd4=
=upUa
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list