Hello all, I was wondering if I could get some clarification with regards to JBOSS Negotiate. I am running JBOSS 5.1.0.GA and trying to incorporate the latest Negotiate component. I have a win2k3 Active directory and want to verify the steps in the "how-to" , specifically Chapter 3 (ACtive Directory).
Let me summarize my setup first: Domain= base.myco.com Domain Controller= dc.base.myco.com JBOSS is on Debian machine called jportal JBOSS fqdn= jportal.base.myco.com Now for the first step Server User Creation I create a user called spnego-test who belongs to the Domain Users group. Second step Service Account Mapping: (This is where I have a question...the docs show the following: setspn.exe -a host/testserver.kerberos.jboss.org testserver setspn.exe -a HTTP/testserver.kerberos.jboss.org testserver Now is testserver the user name or the server where jboss resides?) Do I do the following?: setspn.exe -a host/jportal.base.myco.com spnego-test setspn.exe -a HTTP/jportal.base.myco.com spnego-test jportal being my jboss machine and spnego-test being the user I created Step 3: ktpass docs show this: ktpass -princ host/[email protected] -pass * -mapuser KERBEROS\testserver -out C:\testserver.host.keytab Do I do the following?: ktpass -princ host/[email protected] -pass * -mapuser DC.BASE.MYCO.COM\spnego-test -out C:\spnego-test.host.keytab Step 4: DOcs say to do the following: ktab -k c:\testserver.host.keytab -a [email protected] Do I do?: ktab -k c:\spnego-test.host.keytab -a [email protected] Thanks for any help! View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4238319#4238319 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4238319 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
