Aqcuiring a TGT for a host/ principal using Active Directory
John Hefferman
john.hefferman at cern.ch
Wed Apr 8 12:54:26 EDT 2009
Dear All,
The problem was definitely related to the bug with SP1, as after
applying the hotfix and specifying +DesOnly when running ktpass, kinit
-kt works fine.
Thank you all for your time and the information,
John
-----Original Message-----
From: Javier Palacios [mailto:javiplx at gmail.com]
Sent: 08 April 2009 18:18
To: John Hefferman
Cc: kerberos at mit.edu
Subject: Re: Aqcuiring a TGT for a host/ principal using Active
Directory
On Wed, Apr 8, 2009 at 11:52 AM, John Hefferman <john.hefferman at cern.ch>
wrote:
> The problem I am experiencing, is that I can't seem to 'kinit -k'
using
> an spn of an instance type such as host/ when using an AD domain
> controller.
>
> The procedure is as follows:
> - I create a new account in active directory, such as 'computerA'
> - I run ktpass (or msktutil) to associate a host/ principal name with
> this account (host/computerA.fqdn at REALM) and create a keytab
You can try to install samba at the unix server, configure for
kerberos security and join it to the domain, an also try with
css_adkadmin.
Javier Palacios
More information about the Kerberos
mailing list