Kerberos interoperability - Windows Server w/ UNIX systems

Sasi G sasi9999 at
Mon Apr 3 20:28:22 EDT 2006


I am working on bringing a Unix service under AD.  To do this I need to map 
a service
principal name (SPN) to an AD account.  The MS document specifies using a 
account for this, and I have tested with this and it works.  However, I am 
trying to use a computer account for this.  Everything seems to work except 
ticket cannot be decrypted.  So I am curious if computer accounts can be 
for this purpose.  It seems quite straightforward, but it just didn't work.

If anyone tried mapping the principal to a computer account for UNIX service 
and got the client to authenticate to this service using kerberos, please 
let me know.


Express yourself instantly with MSN Messenger! Download today - it's FREE!

More information about the krbdev mailing list