What UPN formats are supported by Kerberos S4U?

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/23/04

    Date: Tue, 23 Nov 2004 16:28:13 -0600
    
    

    I have what I think is a quick question. I'm using Kerberos S4U to create Windows logon tokens, in this case using the .NET wrapper new WindowsIdentity(string userPrincipalName). What I'd like to know is what UPN formats are supported by this API?

    I assumed that because the function parameter was called userPrincipalName, the value had to be the user's userPrincipalName in AD (e.g. joe@fabrikam.com). However, in my testing, I was able to determine that using the user's sAMAccountName in AD worked fine too (e.g. joe).

    Note that this was tested in a single domain/single forest. Also, all the users tested had the sAMAccountName equal to the alias part of the userPrincipalName, so I don't know if either of those parameters matter.

    Thanks in advance to anyone who can help. This detail isn't covered in the Protocol Transition/Constrained Delegation whitepaper that I saw.

    Joe K.

