You could try the -C and -E options to kinit: -C canonicalize -E client is enterprise principal name
— Luke > On 2 Jun 2015, at 1:02 am, Nordgren, Bryce L -FS <bnordg...@fs.fed.us> wrote: > >> $ kinit '12001000550281\@fedidcard....@fedidcard.gov' > > Thanks! Making progress! > > It now prints a single backslash when describing the principal, both in > errors emitted from kinit and the "listprincs" command in kadmin.local. > However, I'm back to "client name mismatch" out of kinit, presumably because > the MS User Principal Name in the certificate lacks the backslash. > > Bryce > > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos -- www.lukehoward.com soundcloud.com/lukehoward ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos