Julian, I think creating a keytab with HTTP/[EMAIL PROTECTED] should be enough.
Regards Markus Julien ALLANOS wrote: > > Quoting Markus <[EMAIL PROTECTED]>: > >> Julien, >> >> as far as I am aware you can not use cnames. Normally the >> client/server uses a call to gss_import_name which canonicalises the >> hostname from the cname to the A record. If you capture the traffic on >> port 88 on the client you should see a TGS-REQ for >> HTTP/host.my.domain.tld although your URL was http://my.domain.tld. >> >> Regards >> Markus >> > > As I've already said before, I see no traffic between the client and the > server > (port 88). The client immediately send a NTLM token. > > If I could make Kerberos working, do you think a keytab with > HTTP/[EMAIL PROTECTED] would be enough? ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
