Kerberos
Raimund Sacherer
rs at logitravel.com
Thu Jul 16 07:20:04 UTC 2015
Hello Greg,
> C:\Windows\system32>ktpass -princ HTTP/ad01.example.local at EXAMPLE.LOCAL
> -mapuser aduser -pass P@$$word -ptype KRB5_NT_PRINCIPAL -out
> :\temp\krb5.keytab
For what its worth, we have a couple of servers authenticating against an 2012 domain and we create the key tab file like this:
setspn -A HTTP/service.host.name windowsusername
ktpass -out key.tab -princ HTTP/service.host.name at EXAMPLE.LOCAL -mapUser windowsuser -mapOp set -pass password -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL
At times we have instead of RC4-HMAC-NT set ALL.
Hope this helps,
best
More information about the freebsd-questions
mailing list