kerberos tickets and the SPNs

Ravi Channavajhala ravi.channavajhala at dciera.com
Wed May 6 23:39:38 EDT 2009


On Thu, May 7, 2009 at 1:19 AM, Markus Moeller <huaraz at moeller.plus.com> wrote:
>
> You could add a copy to the keytab with ktutil which has an uppercase HOST
> e.g.
>
>  # ktutil
> ktutil:   rkt /tmp/test.keytab
> ktutil:  l -k
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
>   1    3      host/opensuse11.suse.home at SUSE.HOME
> (0xd962b1ecc18a809eb57c4a031193623a)
> ktutil:  addent -key -p HOST/opensuse11.suse.home at SUSE.HOME -k 3 -e rc4-hmac
> Key for HOST/opensuse11.suse.home at SUSE.HOME (hex):
> d962b1ecc18a809eb57c4a031193623a
> ktutil:  l -k
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
>   1    3      host/opensuse11.suse.home at SUSE.HOME
> (0xd962b1ecc18a809eb57c4a031193623a)
>   2    3      HOST/opensuse11.suse.home at SUSE.HOME
> (0xd962b1ecc18a809eb57c4a031193623a)
> ktutil:  wkt /tmp/new.keytab
> ktutil: quit

Interesting.  This means I need to have all the SPNs included in the
keytab?  Do you see an inherent problem with deleting the existing
SPNs on the Windows KDC and adding only one SPN of the form host/fqdn and
generating the keytab?
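
An added example, not part of either post: one way to check which SPNs a keytab file covers, assuming the MIT keytab file format version 0x0502 and an exact, case-sensitive comparison of principal names. The function names are hypothetical and the sample keytabs are constructed with an all-zero placeholder key.

```python
import struct

def build_entry(principal, realm, kvno, enctype, key):
    """Serialize one keytab entry (helper for the constructed sample)."""
    parts = principal.split("/")
    body = struct.pack(">H", len(parts))
    for s in [realm] + parts:
        body += struct.pack(">H", len(s.encode())) + s.encode()
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

def parse_entry(e):
    """Decode one entry body into (principal, realm, kvno, enctype)."""
    (ncomp,) = struct.unpack_from(">H", e, 0)
    p = 2
    def counted():                  # read one length-prefixed string
        nonlocal p
        (n,) = struct.unpack_from(">H", e, p)
        p += 2 + n
        return e[p - n:p]
    realm = counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", e, p)
    p += 11
    counted()                       # skip the key bytes; they are never returned
    if len(e) - p >= 4:             # optional 32-bit kvno, used when non-zero
        kvno = struct.unpack_from(">I", e, p)[0] or kvno
    return name, realm, kvno, enctype

def parse_keytab(data):
    """List every live entry of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, out = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:                # a negative size marks a deleted slot
            out.append(parse_entry(data[pos:pos + size]))
        pos += abs(size)
    return out

def missing_spns(data, realm, wanted):
    """SPNs from `wanted` with no exact (case-sensitive) entry in the keytab."""
    have = {(n, r) for n, r, _, _ in parse_keytab(data)}
    return [s for s in wanted if (s, realm) not in have]

ARGS = ("SUSE.HOME", 3, 23, bytes(16))  # constructed: realm, KVNO, rc4-hmac, zero key
OLD_KEYTAB = b"\x05\x02" + build_entry("host/opensuse11.suse.home", *ARGS)
NEW_KEYTAB = OLD_KEYTAB + build_entry("HOST/opensuse11.suse.home", *ARGS)
```

Calling `missing_spns` with the list of SPNs registered for the account shows which names still need a keytab entry before any SPN is removed on the KDC side.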