Re: Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread kerberos
On Mon, Jul 20, 2009 at 4:28 PM, John Jasen wrote:
> kerbe...@noopy.org wrote:
>>
>> So this means servicePrincipalName is effectively useless in AD for
>> non-Windows systems, right -- in particular when you have X number of
>> principals in a keytab but only the one that matches the UPN will
>> w

Re: Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread John Jasen
kerbe...@noopy.org wrote:
> On Mon, Jul 20, 2009 at 3:29 PM, Douglas E. Engert wrote:
> [snip
>> A keytab has the SPN and the key.
>
> I know this much as I've been writing out my own keytabs. :-)
>
>> When you kinit using a keytab to AD, you are using the SPN, but AD
>> is looking it up as a UP

Re: Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread Douglas E. Engert
kerbe...@noopy.org wrote:
> On Mon, Jul 20, 2009 at 3:29 PM, Douglas E. Engert wrote:
> [snip
>> A keytab has the SPN and the key.
>
> I know this much as I've been writing out my own keytabs. :-)
>
>> When you kinit using a keytab to AD, you are using the SPN, but AD
>> is looking it up as a

Re: Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread kerberos
On Mon, Jul 20, 2009 at 3:29 PM, Douglas E. Engert wrote:
> [snip
>
> A keytab has the SPN and the key.

I know this much as I've been writing out my own keytabs. :-)

> When you kinit using a keytab to AD, you are using the SPN, but AD
> is looking it up as a UPN.

So this means servicePrincipalN

Re: Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread kerberos
Thanks for your message!

On Mon, Jul 20, 2009 at 3:23 PM, Michael B Allen wrote:
> On Mon, Jul 20, 2009 at 2:23 PM, wrote:
>> I've been able to use ktpass.exe on the Windows (2003R2) side to
>> create working keytabs for my NFSv4 environment.  I'd like to have
[snip]
>
> Ktpass sets the password

Re: Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread Douglas E. Engert
P.S. Also see the msktutil program that uses OpenLDAP and Kerberos to create and modify keytabs and AD accounts. The 0.3.16-7 version is a Debian distribution that can work with AD2008 and create AES keys too: http://download.systemimager.org/~finley/msktutil/

Douglas E. Engert wrote:
>
> kerbe.

Re: Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread Douglas E. Engert
kerbe...@noopy.org wrote:
> I've been able to use ktpass.exe on the Windows (2003R2) side to
> create working keytabs for my NFSv4 environment. I'd like to have
> both host/ and nfs/ service principal names for each host.fqdn in my
> (DNS) domain. To this end I ran 'setspn -A ...' to create a S

Re: Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread Michael B Allen
On Mon, Jul 20, 2009 at 2:23 PM, wrote:
> I've been able to use ktpass.exe on the Windows (2003R2) side to
> create working keytabs for my NFSv4 environment.  I'd like to have
> both host/ and nfs/ service principal names for each host.fqdn in my
> (DNS) domain.  To this end I ran 'setspn -A ...'

Re: kerberos+laptop

2009-07-20 Thread David Abrahams
On Jul 20, 2009, at 10:47 AM, John Jasen wrote:
> David Abrahams wrote:
>> Hi,
>>
>> I'm trying to find out what's needed to make Kerberos work well on a
>> laptop that may run disconnected from its master KDC, and
>> occasionally,
>> from everything (NIC turned off). In particular, a Mac lapt

Kerberos auth against AD, keytabs, and service principal names

2009-07-20 Thread kerberos
I've been able to use ktpass.exe on the Windows (2003R2) side to create working keytabs for my NFSv4 environment. I'd like to have both host/ and nfs/ service principal names for each host.fqdn in my (DNS) domain. To this end I ran 'setspn -A ...' to create a SPN for host/host.fqdn and nfs/host.f

Re: kerberos+laptop

2009-07-20 Thread John Jasen
David Abrahams wrote:
>> If you create or change the user accounts to mobile accounts,
>
> I'm sorry, I don't know what that means. Kerberos has some formal
> notion of "mobile accounts?"

OSX supports a notion of something called "mobile accounts", which is supposed to allow things like caching

Re: kerberos+laptop

2009-07-20 Thread John Jasen
David Abrahams wrote:
> Hi,
>
> I'm trying to find out what's needed to make Kerberos work well on a
> laptop that may run disconnected from its master KDC, and occasionally,
> from everything (NIC turned off). In particular, a Mac laptop, which is
> apparently already running an LKDC
> (http://w