Kerberos logins case-sensitive starting with OS X Lion (10.7)

1 Star2 Stars3 Stars4 Stars5 Stars
Loading ... Loading ...

When Apple switched from using MIT Kerberos to Heimdal Kerberos in OS X Lion (10.7) logins became case sensitive. If the user’s name in Active Directory is “Fred” and the only enabled authentication method in ExtremeZ-IP is Kerberos, logging in as “fred” will not work. If Encrypted logins are also allowed (the default) when the Kerberos UAM fails the AFP client will fallback to DHX2 User Authentication Module (UAM) and the connection will proceed normally.

The problem is not unique to AFP. This Kerberos change also prevents SMB logins; however, similar to the AFP client falling back to using DHX2, the SMB client silently falls back to NTLM.

Was this Knowledge Base item helpful to you?

Customer Support Survey
  1. We are always looking to improve our customer support. Please let us know if the information you found was helpful by completing this survey.
  2. This Article


  3. *
  4. Captcha
 

cforms contact form by delicious:days