On Tue, 10 Oct 2006 08:40:55 +0200 "Djihangiroff, Matthias (KC-DD)" <[EMAIL PROTECTED]> wrote:
> But it doesn't work.
> If they type in their userPrincipalName, I get an entry in my error log.
> (Specified realm `persona.de' not allowed by configuration)

<snip>

> > > get a ticket for [EMAIL PROTECTED] But the realm
> > > persona.de doesn't exist (it's konzern.intern) :-)

Ahh, I see. I can think of several possible solutions:

1) Hack mod_kerb_auth to "rewrite" the email address to their correct userPrincipalName
2) Instruct users to use their correct konzern.intern domain
3) Rebuild your entire domain to use persona.de instead of konzern.intern
4) Set up a KDC for persona.de with a trust to konzern.intern

Note I know more about Negotiate auth than I do Kerberos in general so hopefully someone will chime in if I'm wrong.

--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
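The mapping logic behind option 1, as an added example that is not part of the original post and not code from the Apache module: it rewrites a typed login to the realm that actually exists and refuses anything else. The mapping table, the upper-case realm spelling, the default realm and the sample user name are assumptions.

```python
# Constructed table: suffixes users may type -> the Kerberos realm that exists.
# persona.de and konzern.intern come from the thread; the table itself is assumed.
SUFFIX_TO_REALM = {
    "persona.de": "KONZERN.INTERN",      # e-mail style suffix, no such realm
    "konzern.intern": "KONZERN.INTERN",  # the real domain
}
DEFAULT_REALM = "KONZERN.INTERN"         # assumed: used when no suffix is typed


class RealmNotAllowed(ValueError):
    """The typed suffix maps to no configured realm."""


def rewrite_principal(login):
    """Return 'user@REALM' for a typed login name, or raise ValueError."""
    login = login.strip()
    user, at, suffix = login.partition("@")
    # Rewrite only unambiguous user names: no second '@', no instance or
    # escape characters, no control characters. Reject instead of guessing.
    if (not user or "@" in suffix
            or any(c in "/\\" or ord(c) < 0x20 for c in login)):
        raise ValueError("ambiguous or malformed login name")
    if not at:
        return f"{user}@{DEFAULT_REALM}"
    realm = SUFFIX_TO_REALM.get(suffix.lower().rstrip("."))
    if realm is None:
        # Keep the allow-list behaviour seen in the error log: unknown
        # realms are refused, never passed through to the KDC lookup.
        raise RealmNotAllowed(f"realm {suffix!r} not allowed by configuration")
    return f"{user}@{realm}"


if __name__ == "__main__":
    # Constructed sample logins.
    for typed in ("m.mustermann@persona.de", "m.mustermann",
                  "m.mustermann@example.org"):
        try:
            print(typed, "->", rewrite_principal(typed))
        except ValueError as exc:
            print(typed, "-> rejected:", exc)
```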