Re: Apache/Active Directory authentication




On Thu, 24 Mar 2011, Michael B Allen wrote:

> On Wed, Mar 23, 2011 at 2:35 PM, John Hodrien <J.H.Hodrien@xxxxxxxxxxx> wrote:
>> On Wed, 23 Mar 2011, Michael B Allen wrote:
>>
>> Sure, but if you're not a domain admin, you've only got a machine principal,
>> and your own principal (which I can use to join machines to the domain).
>> Given those, and *not* a domain admin credential, how do you create those
>> principals?
>
> You do kinit -k with the keytab for the machine account and then an
> ldap_modify to add servicePrincipalName values for the desired
> principals. The machine account has permission sufficient to modify
> itself.

But modifying the ldap record for the host doesn't generate the
servicePrincipal?  How do you get the servicePrincipal into the machine's
keytab?

Thanks for taking the time to discuss this by the way,

jh
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
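
The self-modify step described in the quoted reply above (kinit -k with the machine keytab, then an LDAP modify that adds servicePrincipalName values), as an added example that is not part of the original thread. The DN, host name and realm are constructed placeholders, and the host-part check is a simplified approximation of the restriction AD applies when a computer account writes its own SPNs.

```shell
#!/bin/sh
# Added example: build and sanity-check the LDIF a machine account would send
# to add servicePrincipalName values to its own object.
# All names (WEB01, example.com, EXAMPLE.COM) are constructed placeholders.

# spn_ok SPN FQDN
# Accept only two-part SPNs (service/host[:port]) whose host part is the
# machine's own FQDN or short name. Assumption: this mirrors, in simplified
# form, what the directory permits for a self-write; anything else is rejected
# locally instead of failing at the server.
spn_ok() {
    spn=$1; fqdn=$2
    case $spn in
        */*/*|/*|*/) return 1 ;;   # three-part or empty component
        */*) ;;                    # service/host
        *) return 1 ;;             # no service class
    esac
    host=${spn#*/}
    host=${host%%:*}               # drop optional :port
    host_lc=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    fqdn_lc=$(printf '%s' "$fqdn" | tr 'A-Z' 'a-z')
    short_lc=${fqdn_lc%%.*}
    [ "$host_lc" = "$fqdn_lc" ] || [ "$host_lc" = "$short_lc" ]
}

# spn_ldif DN FQDN SPN...
# Print an LDIF "modify/add" record; refuse the whole batch if any SPN fails.
spn_ldif() {
    dn=$1; fqdn=$2; shift 2
    for s in "$@"; do
        spn_ok "$s" "$fqdn" || { echo "rejected SPN: $s" >&2; return 1; }
    done
    printf 'dn: %s\nchangetype: modify\nadd: servicePrincipalName\n' "$dn"
    for s in "$@"; do printf 'servicePrincipalName: %s\n' "$s"; done
    printf -- '-\n'
}

# Constructed sample run: prints the LDIF only, contacts nothing.
spn_ldif 'CN=WEB01,CN=Computers,DC=example,DC=com' web01.example.com \
    HTTP/web01.example.com HTTP/web01

# Against a real domain the record would be sent with the machine's own ticket:
#   kinit -k 'WEB01$@EXAMPLE.COM'
#   spn_ldif ... | ldapmodify -Y GSSAPI -H ldap://dc.example.com
```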

