eUPN and Kerberos PAC issues (was: Re: [PATCH] s4:kdc: add aes key support for trusted domains)

Andrew Bartlett abartlet at samba.org
Tue Mar 10 16:28:43 MDT 2015


On Tue, 2015-03-10 at 16:23 +0100, Stefan (metze) Metzmacher wrote:

> But while testing I found some additional problems with enterprise
> principals,
> see the attached patches.

Thanks.  What did you do to trigger these?  Did it happen on the server,
or (as I'm assuming) on the client?  Does it trigger against Windows as
the server, or Samba?  Unless canonicalise was forced off (like I do in
the krb5.kdc tests), how do we get an enterprise principal in the PAC?  

In the meantime, I'll follow through and finish the tests by making our
code validate the tickets being obtained.

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


