Versions Compared

Old Version 5

changes.mady.by.user Steinar Line

Saved on

compared with

New Version Current

changes.mady.by.user Ole Kristian Aune

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • You need to support more than one Active Directory domain, but the domains are not in a trust relationship

  • You need to support more than one hostname / SPN (some clients, like for instance Git clients, do not canonicalize CNAMES) 

  • You want to support more than one encryption type

...

In the example below, we want to enable Kerberos SSO for users in the two domains example.local and kerbauth.com

After creating the first keytab, the keytab file is transferred to the other domain controller where a new key is produced and added to the keytab.

...

First, create a keytab file in the KERBAUTH.COM domain.

Code Block
ktpass /out c:\issues-KERBAUTH.keytab /mapuser KERBAUTH\svc-jira-sso /princ HTTP/issues.example.com@KERBAUTH.COM /pass * /ptype KRB5_NT_PRINCIPAL

...

Merge two or more keys to one keytab file

In the below example, we have two keys: issues.example.com.keytab and issues-KERBAUTH.keytab

...