Greg Hudson wrote: > On 02/13/2015 11:52 AM, Gergely Czuczy wrote: >> So, this means, when adding an alias, addition work is not needed, just >> another value for krbPrincipalName? >> I had the impression that some additional stuff needs to be stored along >> with the alias, like, i don't know, keys, or whatever stuff. This part >> wasn't clear from the docs. > > The point of an alias is that it refers to the same principal entry, > including keys. > > You do need to add a krbCanonicalName attribute so that the KDC knows > which principal name is the canonical name.
So the alias name is not cryptographically bound to the principal's key? Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
