Authenticating using lower case domain/realm
- From: San tos <sansancasd@xxxxxxxxx>
- Date: Mon, 9 Mar 2009 11:48:55 +0000
Hello to all.
I have successfully configured ubuntu machines to authenticate to a active
directory running windows 2k (pam_krb5/LDAP/Kerberos). The realm is
DOMAIN.COM, however in order to be user friendly and maintain the same login
address in everything, i need to authenticate using user@xxxxxxxxxx instead
of user@xxxxxxxxxxx
It seems windows 2k, accepts either way, but maybe kerberos don't like the
response it receives:
kinit(v5): KDC reply did not match expectations while getting initial
credentials
I'm using ubuntu 8.10 and:
krb5-config 1.19 Configuration files for Kerberos Version 5
krb5-user 1.6.dfsg.4~beta1-3 Basic programs to authenticate using MIT Ker
libkrb53 1.6.dfsg.4~beta1-3 MIT Kerberos runtime libraries
The krb5.conf:
[libdefaults]
default_realm = DOMAIN.COM
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# dns_lookup_realm = true
# dns_lookup_kdc = false
[realms]
DOMAIN.COM = {
kdc = dc.domain.com
admin_server = dc.domain.com
default_domain = DOMAIN.COM
}
[domain_realm]
domain.com = DOMAIN.COM
.domain.com = DOMAIN.COM
I have googled, read the mans, tried a lot of other configurations, etc, for
days now, but can't figure it out. I will appreciate any input you got on
this.
Thanks in advance for you replies.
Santos
.
- Prev by Date: Re: WS-Security and GSS-API: How do I get the session key?
- Next by Date: Re: Authenticating using lower case domain/realm
- Previous by thread: Authenticating to LDAP using a HTTP ticket
- Next by thread: Re: Authenticating using lower case domain/realm
- Index(es):
Relevant Pages
|
