On Thu, May 7, 2009 at 1:19 AM, Markus Moeller <[email protected]> wrote: > > You could add a copy to the keytab with ktutil which has an uppercase HOST > e.g. > > # ktutil > ktutil: rkt /tmp/test.keytab > ktutil: l -k > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 3 host/[email protected] > (0xd962b1ecc18a809eb57c4a031193623a) > ktutil: addent -key -p HOST/[email protected] -k 3 -e rc4-hmac > Key for HOST/[email protected] (hex): > d962b1ecc18a809eb57c4a031193623a > ktutil: l -k > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 3 host/[email protected] > (0xd962b1ecc18a809eb57c4a031193623a) > 2 3 HOST/[email protected] > (0xd962b1ecc18a809eb57c4a031193623a) > ktutil: wkt /tmp/new.keytab > ktutil: quit
Interesting. This means, I need to have all the SPNs included in the keytab? Do you see an inherent problem with deleting the existing SPNs on windows KDC and adding only one SPN of the form host/fqdn and generating the keytab? ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
