[31066] in Kerberos

Re: kerberos tickets and the SPNs

daemon@ATHENA.MIT.EDU (Ravi Channavajhala)
Wed May 6 23:40:02 2009

MIME-Version: 1.0
In-Reply-To: <BqSdnXulKJCrd5zXnZ2dnUVZ8gmdnZ2d@posted.plusnet>
Date: Thu, 7 May 2009 09:09:38 +0530
Message-ID: <73739dc10905062039l1a9547aetc525969abb0efcae@mail.gmail.com>
From: Ravi Channavajhala <ravi.channavajhala@dciera.com>
To: Markus Moeller <huaraz@moeller.plus.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On Thu, May 7, 2009 at 1:19 AM, Markus Moeller <huaraz@moeller.plus.com> wrote:
>
> You could add a copy to the keytab with ktutil which has an uppercase HOST
> e.g.
>
>  # ktutil
> ktutil:   rkt /tmp/test.keytab
> ktutil:  l -k
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
>   1    3      host/opensuse11.suse.home@SUSE.HOME (0xd962b1ecc18a809eb57c4a031193623a)
> ktutil:  addent -key -p HOST/opensuse11.suse.home@SUSE.HOME -k 3 -e rc4-hmac
> Key for HOST/opensuse11.suse.home@SUSE.HOME (hex):
> d962b1ecc18a809eb57c4a031193623a
> ktutil:  l -k
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
>   1    3      host/opensuse11.suse.home@SUSE.HOME (0xd962b1ecc18a809eb57c4a031193623a)
>   2    3      HOST/opensuse11.suse.home@SUSE.HOME (0xd962b1ecc18a809eb57c4a031193623a)
> ktutil:  wkt /tmp/new.keytab
> ktutil: quit

Interesting.  This means I need to have all the SPNs included in the
keytab?  Do you see an inherent problem with deleting the existing
SPNs on the Windows KDC and adding only one SPN of the form host/fqdn and
generating the keytab?

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
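
The ktutil session quoted above ends with two slots that differ only in the case of `HOST`. As an added example (not part of the original thread, and not MIT Kerberos code), this Python sketch reads a keytab in file format 0x0502 and reports, for each SPN spelling a service expects, whether that exact spelling has its own entry. The principal names, the key and the helper names are constructed for illustration.

```python
import struct

def _counted(buf, pos):
    """Read a 16-bit length-prefixed byte string; return (bytes, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype, key)] from keytab format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)   # negative size marks a deleted slot
        if size <= 0:
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = _counted(data, start + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        key, p = _counted(data, p + 11)
        if pos - p >= 4:                            # optional 32-bit kvno after the key
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype, key))
    return entries

def check_spellings(entries, wanted):
    """Map each wanted principal to 'ok', 'case-mismatch' or 'absent'."""
    have = {e[0] for e in entries}
    folded = {n.lower() for n in have}
    return {w: "ok" if w in have else "case-mismatch" if w.lower() in folded else "absent"
            for w in wanted}

def make_entry(principal, kvno, enctype, key):      # builds the constructed sample only
    name, realm = principal.split("@")
    parts = [realm] + name.split("/")
    body = struct.pack(">H", len(parts) - 1)
    body += b"".join(struct.pack(">H", len(s)) + s.encode() for s in parts)
    body += struct.pack(">IIBH", 1, 0, kvno, enctype) + struct.pack(">H", len(key)) + key
    return struct.pack(">i", len(body)) + body

KEY = bytes(range(16))   # constructed key; the names below are made up; enctype 23 is rc4-hmac
LOWER, UPPER = "host/srv.example.test@EXAMPLE.TEST", "HOST/srv.example.test@EXAMPLE.TEST"
BEFORE = b"\x05\x02" + make_entry(LOWER, 3, 23, KEY)
AFTER = BEFORE + make_entry(UPPER, 3, 23, KEY)
```

`check_spellings(parse_keytab(BEFORE), [LOWER, UPPER])` flags the uppercase form as `case-mismatch`; against `AFTER` both spellings report `ok`.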
