[CentOS] Apache/Active Directory authentication

John Hodrien J.H.Hodrien at leeds.ac.uk
Fri Mar 25 12:05:11 UTC 2011


On Thu, 24 Mar 2011, Michael B Allen wrote:

> On Wed, Mar 23, 2011 at 2:35 PM, John Hodrien <J.H.Hodrien at leeds.ac.uk> wrote:
>> On Wed, 23 Mar 2011, Michael B Allen wrote:
>>
>> Sure, but if you're not a domain admin, you've only got a machine principal,
>> and your own principal (which I can use to join machines to the domain).
>> Given those, and *not* a domain admin credential, how do you create those
>> principals?
>
> You do kinit -k with the keytab for the machine account and then an
> ldap_modify to add servicePrincipalName values for the desired
> principals. The machine account has permission sufficient to modify
> itself.

But modifying the ldap record for the host doesn't generate the
servicePrincipal?  How do you get the servicePrincipal into the machine's
keytab?

Thanks for taking the time to discuss this by the way,

jh
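
The two steps described in the quoted reply (`kinit -k` with the machine keytab, then an LDAP modify that adds `servicePrincipalName` values), as an added shell example that is not part of the original thread. It assumes MIT `kinit` and OpenLDAP's `ldapmodify` with GSSAPI support; the function names, hostnames, DN and realm are constructed placeholders.

```shell
#!/bin/sh
# Added example. Hostnames, DNs and realm are constructed placeholders.
# It only updates the directory entry; it does not touch any keytab.

nl='
'

# spn_ldif DN SPN...
# Print an LDIF modify record adding servicePrincipalName values.
# Input is checked conservatively so that a stray newline or space cannot
# smuggle extra LDIF lines into the change.
spn_ldif() {
    dn=$1
    case $dn in ''|*"$nl"*) echo "bad DN" >&2; return 1 ;; esac
    shift
    [ "$#" -gt 0 ] || { echo "usage: spn_ldif DN SPN..." >&2; return 2; }
    for spn in "$@"; do
        case $spn in
            *[!A-Za-z0-9._/:-]*|/*|*/|*//*) echo "bad SPN: $spn" >&2; return 1 ;;
            */*) ;;                       # class/host[:port][/name]
            *) echo "bad SPN: $spn" >&2; return 1 ;;
        esac
    done
    printf 'dn: %s\nchangetype: modify\nadd: servicePrincipalName\n' "$dn"
    for spn in "$@"; do printf 'servicePrincipalName: %s\n' "$spn"; done
    printf '%s\n' '-'
}

# add_spns KEYTAB MACHINE_PRINCIPAL LDAP_URI DN SPN...
# Authenticate as the machine account from its keytab (kinit -k), then
# apply the change over a GSSAPI-authenticated LDAP bind.
add_spns() {
    keytab=$1 princ=$2 uri=$3
    shift 3
    ldif=$(spn_ldif "$@") || return
    kinit -k -t "$keytab" "$princ" || return
    printf '%s\n' "$ldif" | ldapmodify -Y GSSAPI -H "$uri"
}

# Usage (constructed values):
# add_spns /etc/krb5.keytab 'WEB01$@EXAMPLE.COM' ldap://dc1.example.com \
#     'CN=WEB01,CN=Computers,DC=example,DC=com' HTTP/www.example.com
```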


