Quoting Markus <[EMAIL PROTECTED]>:
Julien,
as far as I am aware you can not use cnames. Normally the
client/server uses a call to gss_import_name which canonicalises the
hostname from the cname to the A record. If you capture the traffic
on port 88 on the client you should see a TGS-REQ for
HTTP/host.my.domain.tld although your URL was http://my.domain.tld.
Regards
Markus
As I've already said before, I see no traffic between the client and
the server
(port 88). The client immediately send a NTLM token.
If I could make Kerberos working, do you think a keytab with
HTTP/[EMAIL PROTECTED] would be enough?
--
Julien ALLANOS
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
