On 10/22/07, Ben W Young wrote:
> Thanks Guy's for helping me think through this. We have very large complex
> AD environment and to suggest changes like turning on "translation" between
> the UPN and the SAM would be like trying to get blood out of a stone.


Hi Ben,

That was not the conclusion. My understanding now is that Kerberos.app
could be modified to use the MS specific "enterprise principal" when
requesting the ticket rather than the regular "principal". Meaning
there's a spot in the Kerberos.app code where you would simply need to
change the principal type value from 1 to 10.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/