[krbdev.mit.edu #6673] S4U2Proxy and kvno error
Arlene Berry via RT
rt-comment at krbdev.mit.edu
Fri Mar 5 18:26:19 EST 2010
We've found it necessary to have 7 variations of the principal name as
Active Directory could issue a service ticket for any of them. If the
host's FQDN is comp1.domain.com, the sAMAccountName is COMP1$ and the
realm is REALM.COM, we store keytab entries for the following list of
principals for each supported encryption type:
COMP1$@REALM.COM
host/COMP1 at REALM.COM
host/comp1 at REALM.COM
host/comp1.domain.com at REALM.COM
host/COMP1.DOMAIN.COM at REALM.COM
host/COMP1.domain.com at REALM.COM
host/comp1.DOMAIN.COM at REALM.COM
More information about the krb5-bugs
mailing list