jborean93 / pypsrp

PowerShell Remoting Protocol for Python
MIT License

Getting exception using pypsrp with username in lowercase when sAMAccountName is in uppercase #189

Closed massimiliano-dalcero closed 2 months ago

massimiliano-dalcero commented 2 months ago

Hello :) I have a problem using a username in lowercase when the sAMAccountName in Active Directory is all in upper case.

I discovered the problem when the system administrator deleted and recreated the user using all uppercase characters. After that, the login via Kerberos stopped working with the exception: Matching credential not found

If I change the username to all uppercase it works fine, but this is not correct since Active Directory is case INsensitive.

I'm using: pypsrp version: 0.8.1 on Ubuntu 22.04 and Python 3.10.12

The error chain is:

SpnegoError (4294967295): Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529639053): Matching credential not found, Context: Processing security token
Traceback (most recent call last):
[...]
gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529639053): Matching credential not found

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
[...]
spnego.exceptions.SpnegoError: SpnegoError (4294967295): Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529639053): Matching credential not found, Context: Processing security token

The problem remains the same when upper and lower case are reversed but still mismatched: sAMAccountName in lowercase and username in uppercase.

Thanks and best regards.

jborean93 commented 2 months ago

Unfortunately Kerberos names on non-Windows (macOS/Linux) are case sensitive, unlike Windows where it is case insensitive. Unfortunately I'm not aware of any way to make name matching case insensitive on non-Windows, so you need to ensure that you use the proper casing of the names. There's also nothing I can do in Python as all the Kerberos implementation is done in a C library that the Python library is calling.