Christoph Maser wrote: > Am Donnerstag, den 13.11.2008, 14:11 +0100 schrieb John Jasen: > >> So what happens now if you try a kinit -kt /etc/krb5.keytab >> HTTP/[EMAIL PROTECTED] >> >> That's effectively verifying via kinit that the SPN can get tickets, BTW. >> >> I'll try your method when I get into the office and see if it makes a >> profound difference. >> > > I am not a kerberos guru but i think your test is wrong see this post: > http://mailman.mit.edu/pipermail/kerberos/2002-March/000429.html
In my copious spare time, I'll set up a test MIT krb5 server and repeat some of these experiments, but what the poster in that email message is testing versus what I am testing are two different things. You'll notice that his response spits back a password prompt, whereas mine spit back a principal name not found error. When attempting to use a kerberized service (such as nfs) with the samba nfs/fqdn SPN, I also get a principal not found error. Anyway, thanks for your assistance. If I get time, I'll test this more thoroughly. -- -- John E. Jasen ([EMAIL PROTECTED]) -- No one will sorrow for me when I die, because those who would -- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
