On Friday, October 13, 2006 07:45:17 PM +0100 Markus Moeller <[EMAIL PROTECTED]> wrote:
> I tried to use kinit [EMAIL PROTECTED]@DOMAIN.COM (\\ escapes @) > with MIT against AD where the userprincipalname is set to the email > address but failed, whereas I can login on XP using the email address. I > found that MS uses a principal type 10 (= enterprise name). Is this > anywhere defined in a standard or is this a MS extension ? The value is assigned in RFC4120 section 7.5.8, but without details as to the expected name form. What you're seeing is the most common usage for this name type. Note that Kerberos principal name types are advisory; they generally do not need to match. You only said "I tried... but failed." How did you fail? Were you unable to type the backslash, or perhaps the at-sign? Or did kinit print some error message you're not sharing with us? -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos