John Jasen wrote: I am Windows challenged and have never touched AD, but have been interacting with it from the *NIX side, and usually, sending Achim's document (http://grolmsnet.de/kerbtut) to the "Windows guys" solves all my problems.
> Question #1: Is there a way to get kadmin from a linux || sun || os x > client to talk to AD correctly? Barring that, is there a way that I've > missed to do basic principal manipulation (get principal, listprincs, etc)? Possibly, but it would not be good enough because AD is kerberos + Microsoft extensions, and the kadmin from MIT does not know about the Microsoft extensions. > Question #2: Is there a way to map multiple service principal names to > an AD account correctly? From my testing, it appears that creating more > than one SPN for an account pretty much overwrites the last one, no > matter what AD might otherwise say. I'm pretty sure the answer is no, because in AD a principal corresponds to an account and vice versa. Have a look at chapter 6 in Achim's document mentioned above. > Question #3: Can I just create service principals using ktpass and not > bother mapping them to an AD account? Hmmm ... I should test this again > tomorrow. See the answer to number 2. -- Yves. http://www.sollers.ca/blog/2008/swappiness http://www.sollers.ca/blog/2008/swappiness/.fr _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
