[squid-users] Kerberos: HTTP/<host> and not HTTP/<host.fqdn>@FQDN

From: Nick Cairncross <Nick.Cairncross_at_condenast.co.uk>
Date: Fri, 16 Jul 2010 18:45:53 +0100

Hi list,

I think I have a problem with one of my SPNs/keytab - wondered if someone could confirm this:

3 x squid boxes on different sites; squid1, squid2 and squid3 are their hostnames. I have one AD account with the SPNs of all on it. Using fqdn for the proxy address to 2 of them results in Kerberos tickets: HTTP/<squid1>.fqdn@FQDN and HTTP/<squid2>.fqdn@FQDN and everything is fine.

However, on the third one I get a ticket: HTTP/squid3@ i.e. no fqdn or @FQDN

I have both 'squidx' and 'squidx.fqdn' in my AD SPN for all boxes. I'm thinking the working two are using the squid.fqdn and the non-working one is using just 'squid3', hence the issue. Does this sound feasible? I think the answer is drop the 'squidx' from my SPNs and stick with the 'squidx.fqdn', regenerate my keytab and that's it.

I have cloned one of the working squid boxes and replaced the non-working one, so this leads me to believe it is the SPN/keytab and not the server.

Thoughts welcome!

Nickcx

Received on Fri Jul 16 2010 - 17:47:43 MDT
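
An added example, not part of the original message: one way to test the hypothesis above is to compare the service principals a keytab actually holds with the SPN each client would request for its configured proxy name. It assumes the client builds the SPN as HTTP/<proxy name as configured>@REALM; the `klist -k` output, host names, realm and keytab path are constructed placeholders.

```python
import re

# Constructed sample of `klist -k` output (MIT Kerberos layout); hosts, realm
# and keytab path are placeholders, not values from the post.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/squid/HTTP.keytab
KVNO Principal
---- ----------------------------------------------------------
   3 HTTP/squid1.example.com@EXAMPLE.COM
   3 HTTP/squid2.example.com@EXAMPLE.COM
   3 HTTP/squid3.example.com@EXAMPLE.COM
"""

# A keytab entry line: KVNO, then service/host@REALM (header lines do not match).
ENTRY = re.compile(r"^\s*\d+\s+(\S+/\S+@\S+)")

def keytab_principals(klist_output):
    """Return the set of service principals listed by `klist -k`."""
    found = set()
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if m:
            found.add(m.group(1))
    return found

def check_proxy_names(proxy_names, realm, principals):
    """Map each client-side proxy name to (expected SPN, status).

    Assumption: the client requests HTTP/<proxy name as configured>@REALM.
    """
    # MIT Kerberos compares principal names case-sensitively, so match
    # exactly and report a case-only difference separately.
    lowered = {p.lower(): p for p in principals}
    report = {}
    for name in proxy_names:
        spn = f"HTTP/{name}@{realm}"
        if spn in principals:
            status = "in keytab"
        elif spn.lower() in lowered:
            status = "case mismatch with " + lowered[spn.lower()]
        elif "." not in name:
            status = "short name, not in keytab"
        else:
            status = "not in keytab"
        report[name] = (spn, status)
    return report

if __name__ == "__main__":
    names = ["squid1.example.com", "squid2.example.com", "squid3"]
    result = check_proxy_names(names, "EXAMPLE.COM", keytab_principals(SAMPLE_KLIST))
    for name, (spn, status) in result.items():
        print(f"{name:22} {spn:40} {status}")
```
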