You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/04/17 11:23:00 UTC
[jira] [Commented] (DIRKRB-659) Support authentication with
NT-ENTERPRISE principal names
[ https://issues.apache.org/jira/browse/DIRKRB-659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16440762#comment-16440762 ]
Colm O hEigeartaigh commented on DIRKRB-659:
--------------------------------------------
[~bedrin], I'd like to include this patch in the forthcoming 1.1.1 release - could you refactor the patch so that it applies to the current master code in Kerby?
> Support authentication with NT-ENTERPRISE principal names
> ---------------------------------------------------------
>
> Key: DIRKRB-659
> URL: https://issues.apache.org/jira/browse/DIRKRB-659
> Project: Directory Kerberos
> Issue Type: New Feature
> Affects Versions: 1.0.1
> Reporter: Dmitry Bedrin
> Assignee: Dmitry Bedrin
> Priority: Major
> Labels: patch, windows
> Fix For: 1.1.1
>
> Attachments: DIRKRB_659__Support_authentication_with_NT_ENTERPRISE_principal_names.patch
>
> Original Estimate: 24h
> Time Spent: 4h
> Remaining Estimate: 20h
>
> Apache Kerby currently doesn't support authentication using NT-ENTERPRISE principal names.
> See https://tools.ietf.org/html/rfc6806.html for details
> _KrbClientBase_ provides a method for requesting _TGT_ with arbitrary _KOptions_
> public TgtTicket requestTgt(KOptions requestOptions) throws KrbException
> However even if I set KrbOption.AS_ENTERPRISE_PN and use username like "username@dns.domain.name" Kerby Client will treat the dns.domain.name as a realm name despite the AS_ENTERPRISE_PN setting
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)