samba keytab support for AD and kinit -k
hartmans at MIT.EDU
Mon Nov 29 00:21:41 EST 2004
>>>>> "Rakesh" == Rakesh Patel <rapatel at optonline.net> writes:
Rakesh> Just limiting below to the main issue [note that I had not
Rakesh> encountered this before when we went through various
Rakesh> stages of testing the keytab management changes].
Rakesh> Sam Hartman wrote:
Rakesh> The issue is that in the Windows KDC, an SPN can not be
Rakesh> used as a "user" for authentication and computers normally
Rakesh> do not contain a UPN entry.
>> That is not my understanding of the Microsoft KDC
>> architecture. This claim also goes against interoperability
>> tests I have conducted with Microsoft.
Rakesh> I have a machine "rockylinux" (FC3 - samba-3.0.8-0.pre1.3
Rakesh> package) joined to an AD/2003 domain running Windows2003
Rakesh> as the DC.
To clarify, what I meant here is simply that my experience is that
Windows machine accounts created by Windows tend to be set up to allow
the principal to be used both for inbound and outbound authentication.
Samba may well do something different.