I am trying to leverage our organizations Active Directory krb5 system. In particular I'm trying to get kx509 (http://www.citi.umich.edu/projects/kerb_pki/) going.
I'm still creating user accounts for services. The gentleman from Ford who recently asserted that it was preferable to use computer accounts was unable to provide the software to do it that way - if anyone else has software to do that I'd be keen to try it. The kx509 program talks to the kca service. The service name "kca_service" is built in to the kx509 program, but not into kca itself which takes its service name from its keytab I guess. So I was very careful to generate 2 accounts and map one to kca_service/<hostname>@<realm> and the other to just kca/<hostname>@<realm>. Then run kx509 under the debugger using the kca_service keytab, then just change the service to "kca" and restart kca and rerun. With just kca it worked. With kca_service I got: get_cert_authent_K5: krb5_mk_req: Server not found in Kerberos database Try re-authenticating(K5). Unable to use your tickets to build the necessary authenticator. However I find this hard to believe since there doesn't seem to be report of such a problem on the web that I can find. Bob ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
