On Mon, 2011-11-28 at 10:13 +0100, Ondrej Valousek wrote:
On 11/28/2011 09:46 AM, John Hodrien wrote:
> On Sun, 27 Nov 2011, Josh Geisser wrote:
>
> > Yes, totally confused :)
> >
> > Thanks to you guy's I got it working now. But what I don't get is how
> > Kerberos keys are handled in general. The /etc/krb5.keytab is a container,
> > can I take both, UPN and SPN?
> Yes. My understanding is the only difference between a service principal and
> a user principal is that the KDC will not issue a ticket granting ticket to a
> service principal.
>
> jh
Yes and it is no wonder because UPN and SPN serve a different task. I
recommend searching MS technet for this. They have a nice explanation
for this.
It's an artificial distinction that holds ground only in MS-land.
If you find the Technet article can you send the link to this list ?
It would be nice to have a reference in the archives.
Simo.
--
Simo Sorce * Red Hat, Inc * New York