On Fri, Jun 15, 2012 at 6:09 AM, Simo Sorce s...@redhat.com wrote:
On Fri, 2012-06-15 at 00:10 -0700, Stephen Ingram wrote:
Is it possible for accounts in cn=etc,cn=sysaccounts to have kerberos
principals or must you use the cn=accounts,cn=users container? I'm
thinking this for
On Tue, 2012-06-19 at 09:28 -0700, Stephen Ingram wrote:
On Fri, Jun 15, 2012 at 6:09 AM, Simo Sorce s...@redhat.com wrote:
On Fri, 2012-06-15 at 00:10 -0700, Stephen Ingram wrote:
Is it possible for accounts in cn=etc,cn=sysaccounts to have kerberos
principals or must you use the
On Tue, Jun 19, 2012 at 6:54 PM, Simo Sorce s...@redhat.com wrote:
Yes with IPA you can use service principals to initiate context w/o
problems. That's why I suggested you use a service principal.
AD has a limitation that you must use an actual user to initiate a
context, that may be where
On Fri, 2012-06-15 at 00:10 -0700, Stephen Ingram wrote:
Is it possible for accounts in cn=etc,cn=sysaccounts to have kerberos
principals or must you use the cn=accounts,cn=users container? I'm
thinking this for script-authenticated machine accounts (might be of
form user-hostname@REALM or