At $ORK, we're testing kerberized NFS across a bunch of clients. One issue that we've run into is that ktpass.exe is just plain annoying. Another issue we've tripped across has to deal with service principal names and mapping them to an AD user.
Question #1: Is there a way to get kadmin from a linux || sun || os x client to talk to AD correctly? Barring that, is there a way that I've missed to do basic principal manipulation (get principal, listprincs, etc)? Question #2: Is there a way to map multiple service principal names to an AD account correctly? From my testing, it appears that creating more than one SPN for an account pretty much overwrites the last one, no matter what AD might otherwise say. Question #3: Can I just create service principals using ktpass and not bother mapping them to an AD account? Hmmm ... I should test this again tomorrow. -- -- John E. Jasen ([EMAIL PROTECTED]) -- No one will sorrow for me when I die, because those who would -- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
