Oh, just compiled 1.7 alpha and indeed kinit worked great with nt-enterprise (just used the -E flag). I was trying to find the krb5.conf setting that enabled the enterprise name for all krb apps.
But even if i do find it, you say it's useless because pam_krb5 won't use it? Ahh what a disappointment.. On Mon, Mar 9, 2009 at 9:51 PM, Luke Howard <lu...@padl.com> wrote: > > On 10/03/2009, at 3:17 AM, Santos wrote: > > On Mon, Mar 9, 2009 at 1:35 PM, Luke Howard <lu...@padl.com> wrote: >>> >>> MIT Kerberos 1.7 adds the -C (canonicalize) and -E (enterprise >>>> principal name) options to kinit, which may help. >>>> >>> >>> >>> >> Actualy my main priority is to use pam_krb5. >> >> If i compile MIT kerberos 1.7 on ubuntu 8.10. Will pam_krb5 be able to use >> those flags? Does the krb5.conf file have any settings to enable those >> settings as default? >> > > It doesn't but you should be able to easily modify pam_krb5 to call > krb5_get_init_creds_opt_set_canonicalize(), and to call > krb5_parse_name_flags(KRB5_PRINCIPAL_PARSE_ENTERPRISE) rather than > krb5_parse_name(). Of course, this should be made configurable. > > -- Luke > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
