I don’t know how to find the kerberos principal for my username. I look in the users/groups properties and on the account tab, the username is listed as Thomas.Deliduka… when I changed the principal for the SSO service, that was changed there.
I don’t know. It still seems strange to me that SSO is dependant on people logging in just exactly right. That will never fly.
Well, that’s way beyond my skill set. I guess I’ll have to live with this and weigh whether or not I want to bother with this.
Essentially what I’m looking at is a bunch of people in the museum who are not technically inclined. So, we will set them up initially but the moment SSO doesn’t work or if we have them login to the system without SSO, then when they change their password it will fail to login. At that point, because they’re people who aren’t very knowledgeable, they may just click the “OK” button and never attempt to login again or they will shut it off, whatever, very few will actually enter their new password and allow it to login normally.
So, while initially it will work as expected, after 45 days when their passwords expire, people will start dropping off and it will simply not get used anymore. Turning into a big waste of time.
Kerberos Principals are case sensitive, it’s right. Windows and Java works right. But why username parameters in code above always is in lower case? Try to change samAccountName properties (pre Windows 2000 account name in user manager) to lower case. May be it help. Sorry for my poor English
We are using windows 2003. In administrative snap-in “User and computers”, in user properties, in tab account - properies - 'pre windows 2000". Sorry - our versions of windows not english and i can’t correctly name in english all headers,menus and tabs. You can use adsiedit.msc from “windows resource kit”. In properties of user you can find sAMAccountName properies.
As for as i know, client (windows XP) in windows 2003 AD use for kerberos the samaccountname@rootDNS(in upper case). As regard, other versions i don’t know.