[31522] in Kerberos
msktutil requires seperate account for each service principal?
daemon@ATHENA.MIT.EDU (John Hefferman)
Fri Oct 2 04:35:04 2009
From: John Hefferman <john.hefferman@cern.ch>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 2 Oct 2009 10:34:29 +0200
Message-ID: <471AD4CD1F3AC846911E0C520A522E7204560F1C@cernxchg74.cern.ch>
In-Reply-To: <ha0j7m$bve$1@ger.gmane.org>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Dear list,
To my knowledge (and after some tests), msktutil requires a separate account in active directory for each service principal needed for a machine.
For instance, if a Linux computer is going to need a host/ and a http/ service principal it would be nessesary to run msktutil twice, such as:
msktutil -h fqdn --computer-name linux-computer --verbose -s host/fqdn -k linuxComputer.keytab --server domainControllerFqdn
msktutil -h fqdn --computer-name linux-computer-http --verbose -s http/fqdn -k linuxComputerHttp.keytab --server domainControllerFqdn
I just wanted to confirm this was the case, or whether it is possible to have both host/ and http/ under the same account in AD.
Thanks in advance for any help,
John
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
