Hi, I'd like to find out if there is any way to extract a HOST keytab for a windows computer that is already a member of an active directory domain.
A Java developer I look after wants to do the single sign on thing to his web application. Our environment is a mixed Active Directory and Solaris environment. By creating a new user in active directory, and mapping the user to a service principle using ktpass.exe, we now have SPNEGO single sign on working between the clients Internet Explorer and the JBoss server on *Solaris*. So far so good. The developer, who uses a Windows workstation that is part the Active Directory domain, now wants the SPNEGO authentication to work in his own windows workstation - and for that to work I need to get the keytab for the host/[EMAIL PROTECTED] A quick LDAP lookup of his workstation in AD reveals that it already has a servicePrincipalName of HOST/pingname.of.host - so presumably I can extract the keytab somehow. But how? I don't personally have admin access to the AD domain, but I work with the folks who do. Eddie ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos