Differences
This shows you the differences between the selected revisions of the page.
| 2008-06-04 | 2008-06-04 | ||
| no summary (128.250.18.20) | no summary (128.250.18.20) | ||
| Line 60: | Line 60: | ||
| ===== Service principal name (SSPI) ===== | ===== Service principal name (SSPI) ===== | ||
| The situation where it option is useful is where you do not have Kerberos for Windows on a local machine and are using cross realm where the realm of the server is not in AD. The local machine can be part of a domain, or a stand alone machine. It is proving handy for use from home for example. | The situation where it option is useful is where you do not have Kerberos for Windows on a local machine and are using cross realm where the realm of the server is not in AD. The local machine can be part of a domain, or a stand alone machine. It is proving handy for use from home for example. | ||
| + | |||
| + | The Service Principal Name should be entered in the form: | ||
| + | |||
| + | <code> | ||
| + | host/<hostname>@<Kerberos Realm Name> | ||
| + | </code> | ||
| When one of more of the realms are not AD, then the Microsoft ''ksetup'' command will need to be used to define the realms to the local machine. It can be found on the Windows XP PRO CD under support tools which get installed into ''C:\Program Files\Support Tools\''. There is also a version for Windows 2000. | When one of more of the realms are not AD, then the Microsoft ''ksetup'' command will need to be used to define the realms to the local machine. It can be found on the Windows XP PRO CD under support tools which get installed into ''C:\Program Files\Support Tools\''. There is also a version for Windows 2000. | ||
| Line 75: | Line 81: | ||
| If the realm has the DNS SRV records setup the ''KdcName'' is optional at least on XP. | If the realm has the DNS SRV records setup the ''KdcName'' is optional at least on XP. | ||
| - | MIT 1.3 KDCs supports TCP. The ''Delegate'' flag is needed for servers in the MIT realm as it does not return the ''OK_TO_DELEGATE'' flag. | + | MIT 1.3 KDCs supports TCP. The ''Delegate'' flag is needed for servers in the MIT realm as it does not return the ''OK_TO_DELEGATE'' flag. The ''Delegate'' flag is also needed to have an AFS token issued when the server is using the Andrew File System. |