spn alias
Stefan Kania
stefan at kania-online.de
Thu Mar 6 12:13:04 EST 2025
We are using openldap 2.6 together with mti-kerberos version 1.18 on
debian 12.
Am 06.03.25 um 17:57 schrieb Jeffrey Hutzelman:
> What LDAP server software are you using?
>
> On Thu, Mar 6, 2025 at 11:44 AM Stefan Kania <stefan at kania-online.de
> <mailto:stefan at kania-online.de>> wrote:
>
> hi to all,
> is it possible to set an alais for the spn? We still having the problem
> doing kerberos authentication through a loadbalancer. We created a
> principal for the loadbalancer and a keytab. We then added the key to
> the ldap-keytab file, so we are having both, the ldap key for the
> server
> and the ldap key for the loadbalancer in one file. This file we use as
> keytab for the ldap-server. the client connets to the loadbalancer
> (with
> ldapsearch) and we are getting "err=49" and the log is showing that the
> spn is wrong. So we think with an alias for the spn for the
> loadbalancer
> it might work. Or is there any other way to get the
> kerberos-authentication through the loadbalancer?
>
> Stefan
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu <mailto:Kerberos at mit.edu>
> https://mailman.mit.edu/mailman/listinfo/kerberos <https://
> mailman.mit.edu/mailman/listinfo/kerberos>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4402 bytes
Desc: Kryptografische S/MIME-Signatur
URL: <http://mailman.mit.edu/pipermail/kerberos/attachments/20250306/87b7078d/attachment.p7s>
More information about the Kerberos
mailing list