On Fri, 2011-02-18 at 16:20 -0500, Stephen Ingram wrote: > Is it possible to use an '@' character in a kerberos principal such > that the full principal would read something like > [email protected]@DOMAIN.COM? Note that domain1.com is in the > DOMAIN.COM realm. I've been able to successfully add a principal like > this by using a '\' before the '@'. However, kinit doesn't seem to > pass the information similarly such that I can obtain a tgt.
It works for me. Are you sure that the shell isn't eating the \ character before you pass it to kinit? equal-rites$ kadmin.local Authenticating as principal user/[email protected] with password. kadmin.local: addprinc a\@b WARNING: no policy specified for a\@[email protected]; defaulting to no policy Enter password for principal "a\@[email protected]": Re-enter password for principal "a\@[email protected]": Principal "a\@[email protected]" created. equal-rites$ kinit 'a\@b' Password for a\@[email protected]: equal-rites$ kinit a\@b kinit: Cannot find KDC for requested realm while getting initial credentials ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
