If you have a functional keytab, then you don't need to disable the AP-
REQ verification with that special line in the krb5.conf that someone
posted. In fact you *should*not* disable it.
On Aug 5, 2009, at 9:43 PM, Martin Schweizer wrote:
Hello Henry
2009/8/6 Henry B. Hotz <hotz@xxxxxxxxxxxx>:
Or get a host principal keytab for the machine (the preferred
solution).
What do you mean with this? As I posted the Kerberos5 authentication
works as expected. This means for me /etc/krb5.keytab is correct (it's
exported from one of our domain controllers, as recommended from
Microsoft).
Regards,
--
Martin Schweizer
schweizer.martin@xxxxxxxxx
Tel.: +41 32 512 48 54 (VoIP)
Fax: +1 619 3300587
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@xxxxxxxxxxxx, or hbhotz@xxxxxxx
