...
You need to support more than one Active Directory domain, but the domains are not in a trust relationship
You need to support more than one hostname / SPN (some clients, like for instance Git clients, do not canonicalize CNAMES)
You want to support more than one encryption type
...
In the example below, we want to enable Kerberos SSO for users in the two domains example.local and kerbauth.com
After creating the first keytab, the keytab file is transferred to the other domain controller where a new key is produced and added to the keytab.
...
First, create a keytab file in the KERBAUTH.COM domain.
|
...
Merge two or more keys to one keytab file
In the below example, we have two keys: issues.example.com.keytab and issues-KERBAUTH.keytab
...