Hello, maybe I have some related bug with pricipal names in AD, but maybe not
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote: > With just kca it worked. With kca_service I got: > > get_cert_authent_K5: krb5_mk_req: Server not found in Kerberos database > Try re-authenticating(K5). Unable to use your tickets to build the > necessary authenticator. > > However I find this hard to believe since there doesn't seem > to be report of such a problem on the web that I can find. For the use of the kerberized IMAP-Server cyrus, we need to map a SPN imap.hostname to a service account in AD. I tried this with ktpass but mapping always failed with an error and the SPN was not attached to the account (I tried this with new accounts also). But it was possible to attach imap/hostname to the same account. Hence there seems to be some problem which is related to syntax of SPNs allowed in AD. To your question about using computer accounts: In W2k-Server I have succeeded to map a SPN to a computer account by mapping to the user host$, where host is the hostname. This did not work when I recently tried on a 2003 Server. Dirk. -- Dr. Dirk Pape (Leiter des Rechnerbetriebs) FB Mathematik und Informatik der FU-Berlin Takustr. 9, 14195 Berlin Tel. +49 (30) 838 75143, Fax. +49 (30) 838 75190 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
