>Unfortunately it looks like 3.0.9, while providing the host services >that use the keytab with all combinations of >keytab entries to match the Windows 2003/AD SPN and UPN combinations, >does not address this issue. The UPN >is still registered as HOST/[EMAIL PROTECTED], and a normal kinit >-k will not succeed because the KDC >does not accept the use of the SPN for an initial authentication. I >understand there is a way under Windows to >map SPNs to user accounts (UPNs), but I'm not sure how to accomplish >that. Maybe we can accomplish this when >we create the LDAP entry in AD? That might be a better alternative >than changing the UPN to HOST/[EMAIL PROTECTED] >if it may cause any problems.
I don't think there is a way around setting the UPN to contain the FQDN. -- Luke -- ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
