On 08/21/2015 12:35 AM, Cory Albrecht wrote:
> I just recently redid my krb5 set up to use LDAP as backend (for less
> hassle replication since the LDAP servers were already doing that) and I
> was wondering what the best/easiest ways were to deal with cases where
> multiple kerberos principals would be logically associated with a single
> account/LDAP object.

We have support for this in the LDAP KDB module, but not in the
administrative tools, and it isn't documented. After creating the
principal with the canonical name, you need to add a krbCanonicalName
attribute for the canonical name (with the same value as the already
existing krbPrincipalName attribute), and then add additional
krbPrincipalName attributes.

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
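
The two attribute changes described in the reply above, written as an LDIF modify record. This is an added example, not part of the original message; the DN, realm, and principal names are constructed placeholders, and it assumes the entry already carries `krbPrincipalName: alice@EXAMPLE.COM` from the initial principal creation.

```ldif
# Constructed example: the DN, realm, and principal names are placeholders.
# Precondition: the entry already has krbPrincipalName: alice@EXAMPLE.COM
# from creating the principal under its canonical name.
dn: uid=alice,ou=People,dc=example,dc=com
changetype: modify
# Step 1: record the canonical name, matching the existing krbPrincipalName.
add: krbCanonicalName
krbCanonicalName: alice@EXAMPLE.COM
-
# Step 2: add the additional principal names on the same entry.
add: krbPrincipalName
krbPrincipalName: asmith@EXAMPLE.COM
krbPrincipalName: alice.smith@EXAMPLE.COM
```

Because every name lives on one LDAP entry, they all share that entry's keys and policy attributes, so only add names that should authenticate as the same identity.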