Hi, On Thu, Feb 22, 2007 at 03:59:00PM +1000, Bradley Schatz wrote: > Thanks Mark, > > I did the following: > > net ads keytab ADD HTTP/foundry.example.local > > It placed the following in my keytab: > > klist -k: > <snip> > 2 HTTP/foundry.example.local/[EMAIL PROTECTED] > 2 HTTP/foundry.example.local/[EMAIL PROTECTED] > 2 HTTP/foundry.example.local/[EMAIL PROTECTED] > <snip> > > The following appears to have done the right thing: > > net ads keytab ADD HTTP > > klist -k > <snip> > 2 HTTP/[EMAIL PROTECTED] > 2 HTTP/[EMAIL PROTECTED] > <snip> > > However, I am still no closer than I started: > > kinit -k -t /etc/krb5.keytab HTTP/foundry.example.local > kinit(v5): Client not found in Kerberos database while getting initial > credentials >
I do not understand, why you want to gain a TGT for a service principal. This would be possible in a MIT Kerberos environment. In an Active Directory environment it would also be possible if you created HTTP/foundry.example.local as a user principal name. But it is not necessary for kerberizing apache. - Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
