[31421] in Kerberos


ldap principal aliases

daemon@ATHENA.MIT.EDU (Chris)
Thu Aug 27 19:47:00 2009

Date: Thu, 27 Aug 2009 19:46:31 -0400
From: Chris <lists@deksai.com>
To: kerberos@mit.edu
Message-ID: <20090827234627.GA23653@chris-laptop.a2hosting.com>

Am I understanding correctly that I should be able to put several
krbPrincipalNames under one dn, set the krbCanonicalName, and the KDC
should return the krbCanonicalName or alias (not sure which) for any of
the listed krbPrincipalNames?

This is how I am trying to use this, and it doesn't seem to be working.  I
can use the same queries I see going to the LDAP server manually as the
KDC user, and they return the correct record, but the KDC always says it
cannot find the service principal if I use an alias.  I see a spot in
the code that will set the principal name if it sees both
krbcanonicalname and the KRB5_KDB_FLAG_CANONICALIZE flag.  From what I
think I read in the docs, this is supposed to be on for service
principals by default.

Any help in understanding what I'm not understanding here would be
appreciated.

Chris
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
