Hi,
is it possible to use a different attribute in AD as the UPN for a specific SPN?
For example, if I access http://webserver.company.com and it has spnego (kerberos auth) configured it can use the default UPN attribute but if I browse to http://myspecialweserver.company.com (which also has spnego enabled) I want a different attribute to be used for the UPN inside the kerberos ticket for example firstname@ADrealm.com. The reason behind is that the webservers are not IIS servers so they have their own user store in which they look up the users to make sure they have a valid account.
Many thanks,
Edward
is it possible to use a different attribute in AD as the UPN for a specific SPN?
For example, if I access http://webserver.company.com and it has spnego (kerberos auth) configured it can use the default UPN attribute but if I browse to http://myspecialweserver.company.com (which also has spnego enabled) I want a different attribute to be used for the UPN inside the kerberos ticket for example firstname@ADrealm.com. The reason behind is that the webservers are not IIS servers so they have their own user store in which they look up the users to make sure they have a valid account.
Many thanks,
Edward