Kerberos Authentication fails with AD if display name contains space
843810 Dec 3 2009 — edited Dec 7 2009
I have a strange problem. I have a Java application which connects to AD 2003, and I use GSSAPI as the authentication mechanism. From the AD Users and Computers console I create a user with Christy as First Name and Thomas as the last name; Christy Thomas is populated automatically as the display name (or Full Name), and I give christy as the logon name. Now in my application, I try to log in as christy@SERVER.COM (UPN). But I get the following exception:
Caused by: KrbException: Client not found in Kerberos database (6)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662).
Then I created another user, James. But this time I did not fill in the last name, and the logon name was james@SERVER.COM. This time it authenticated the user.
I have two questions:
1. Why is it failing in the first case?
2. Which one should I use for authentication - sAMAccountName or UPN?