Aqcuiring a TGT for a host/ principal using Active Directory

John Hefferman john.hefferman at cern.ch
Wed Apr 8 12:54:26 EDT 2009


Dear All,

The problem was definitely related to the bug with SP1, as after
applying the hotfix and specifying +DesOnly when running ktpass, kinit
-kt works fine.

Thank you all for your time and the information,

John

-----Original Message-----
From: Javier Palacios [mailto:javiplx at gmail.com] 
Sent: 08 April 2009 18:18
To: John Hefferman
Cc: kerberos at mit.edu
Subject: Re: Aqcuiring a TGT for a host/ principal using Active
Directory

On Wed, Apr 8, 2009 at 11:52 AM, John Hefferman <john.hefferman at cern.ch>
wrote:


> The problem I am experiencing, is that I can't seem to 'kinit -k'
using
> an spn of an instance type such as host/ when using an AD domain
> controller.
>
> The procedure is as follows:
> - I create a new account in active directory, such as 'computerA'
> - I run ktpass (or msktutil) to associate a host/ principal name with
> this account (host/computerA.fqdn at REALM) and create a keytab

You can try to install samba at the unix server, configure for
kerberos security and join it to the domain, an also try with
css_adkadmin.

Javier Palacios




More information about the Kerberos mailing list