ApacheDSers, I just wanted to drop you guys a line to let you know that the kerberos-client code works well with Active Directory (at least for a TGT, I haven't tried a SGT) with one caveat. The user principal name in ad has the domain as lowercase (ie [EMAIL PROTECTED]) but in order for the kerberos-client code to work the domain needs to be upper case (ie [EMAIL PROTECTED]). I don't know if this is because of the internal code or AD.
A question about the internals of the kerberos-client, does it make sense to pool the connection objects? does it maintain an open connection or does it open a new connection for each ticket? Thanks Marc
