Luke you can use setspn to assign a SPN to a user or computer account.
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-o.asp Regards Markus "Luke Howard" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > >>Unfortunately it looks like 3.0.9, while providing the host services >>that use the keytab with all combinations of >>keytab entries to match the Windows 2003/AD SPN and UPN combinations, >>does not address this issue. The UPN >>is still registered as HOST/[EMAIL PROTECTED], and a normal kinit >>-k will not succeed because the KDC >>does not accept the use of the SPN for an initial authentication. I >>understand there is a way under Windows to >>map SPNs to user accounts (UPNs), but I'm not sure how to accomplish >>that. Maybe we can accomplish this when >>we create the LDAP entry in AD? That might be a better alternative >>than changing the UPN to HOST/[EMAIL PROTECTED] >>if it may cause any problems. > > I don't think there is a way around setting the UPN to contain the > FQDN. > > -- Luke > > > -- > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
