> You could try the -C and -E options to kinit: > > -C canonicalize > -E client is enterprise principal name > > — Luke
I could, but I'm not certain the MIT Kerberos KDC (to which kinit is connecting) knows how to canonicalize. Boy if I could get user principal mapping going, that would be sweet. For the moment, I seem to be PKINITing successfully. Bryce ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
