Kerberos logins case-sensitive starting with OS X Lion (10.7)


When Apple switched from MIT Kerberos to Heimdal Kerberos in OS X Lion (10.7), logins became case-sensitive. If the user’s name in Active Directory is “Fred” and the only enabled authentication method in ExtremeZ-IP is Kerberos, logging in as “fred” will not work. If Encrypted logins are also allowed (the default), then when the Kerberos User Authentication Module (UAM) fails, the AFP client will fall back to the DHX2 UAM and the connection will proceed normally.

The problem is not unique to AFP. This Kerberos change also prevents SMB logins; however, just as the AFP client falls back to DHX2, the SMB client silently falls back to NTLM.