Bryce

It's either 12001000550...@fedidcard.gov <fedidcard....@fedidcard.gov> or it's 12001000550...@fedidcard.gov <fedidcard....@fedidcard.gov>

As far as your shell escaping with a \, in a command line you will not escape the @; if you are scripting it, you might.

To the left of the @ is the principal name, traditionally lowercase. To the right is the REALM, traditionally uppercase. AD userPrincipalName entries should be able to handle the uppercase value being presented at authentication for the user. The userPrincipalName is the Kerberos principal name, within AD.

You do not have to nest the lowercase instance into the uppercase realm (in other words, don't use 12001000550281\@fedidcard....@fedidcard.gov ). You should be able to get it to work presenting consistent case and based on the example I give above.

On Mon, Jun 1, 2015 at 5:02 PM, Nordgren, Bryce L -FS <bnordg...@fs.fed.us> wrote:

> > $ kinit '12001000550281\@fedidcard....@fedidcard.gov'
>
> Thanks! Making progress!
>
> It now prints a single backslash when describing the principal, both in
> errors emitted from kinit and the "listprincs" command in kadmin.local.
> However, I'm back to "client name mismatch" out of kinit, presumably
> because the MS User Principal Name in the certificate lacks the backslash.
>
> Bryce
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

--
Todd Grayson
Customer Operations Engineering
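
An added illustration, not part of the thread and not MIT krb5's own code: a simplified Python model of how a principal string splits into name components and realm, showing why a backslash-quoted `@` yields a different client name than the unquoted spelling. The principal values below are constructed placeholders, and `parse_principal` and `same_principal` are hypothetical helper names.

```python
# Simplified model of Kerberos principal-string parsing (assumption: this
# follows the usual textual convention, it is not the MIT krb5 parser).
# A backslash quotes the next character, an unquoted '/' separates name
# components, and the first unquoted '@' starts the realm.

def parse_principal(name):
    """Return (components, realm); realm is None when no '@' is present."""
    components, buf, realm_buf = [], [], None
    i = 0
    while i < len(name):
        ch = name[i]
        out = buf if realm_buf is None else realm_buf
        if ch == "\\":
            if i + 1 == len(name):
                raise ValueError("trailing backslash")
            out.append(name[i + 1])      # quoted character is taken literally
            i += 2
            continue
        if ch == "@":
            if realm_buf is not None:
                raise ValueError("second unquoted '@'")
            components.append("".join(buf))
            realm_buf = []
        elif ch == "/" and realm_buf is None:
            components.append("".join(buf))
            buf = []
        else:
            out.append(ch)
        i += 1
    if realm_buf is None:
        components.append("".join(buf))
        return components, None
    return components, "".join(realm_buf)

def same_principal(a, b):
    """Exact comparison: components and realm are both case-sensitive."""
    return parse_principal(a) == parse_principal(b)

if __name__ == "__main__":
    # Constructed sample values; raw strings mirror shell single quotes,
    # where the backslash reaches kinit unchanged.
    for p in (r"1234567890\@example.gov@EXAMPLE.GOV",   # '@' nested in the name
              "1234567890@EXAMPLE.GOV",                 # plain name, upper realm
              "1234567890@example.gov"):                # plain name, lower realm
        print(p, "->", parse_principal(p))
```
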