msktutil requires seperate account for each service principal?
John Hefferman
john.hefferman at cern.ch
Fri Oct 2 04:34:29 EDT 2009
Dear list,
To my knowledge (and after some tests), msktutil requires a separate account in active directory for each service principal needed for a machine.
For instance, if a Linux computer is going to need a host/ and a http/ service principal it would be nessesary to run msktutil twice, such as:
msktutil -h fqdn --computer-name linux-computer --verbose -s host/fqdn -k linuxComputer.keytab --server domainControllerFqdn
msktutil -h fqdn --computer-name linux-computer-http --verbose -s http/fqdn -k linuxComputerHttp.keytab --server domainControllerFqdn
I just wanted to confirm this was the case, or whether it is possible to have both host/ and http/ under the same account in AD.
Thanks in advance for any help,
John
More information about the Kerberos
mailing list