> BTW Why do you want to reset the account in AD ? I don't see any reason.
I work with some Engineers that won't have a clue about how the proxy
integrates in AD and although unlikely, if they do reset the
<fqdn>-http account for any reason msktutil --auto-update will not
automatically resolve the issue and I will have to manually kinit
administrator and then run msktutil --auto-update to resolve it. If I
am not available this will be a problem. I can document what to do
(which is not hard) but frankly I do not have enough confidence they
would follow the instructions... sad I know.
from --auto-update in the msktutil man page:
...Will also update if the keytab failed to authenticate but the
default password did work. (e.g. after resetting the account in AD)...
This works with the <fqdn> but fails when using <fqdn>-http. So
although minor, it looks like a possible bug in msktutil, but I am not
sure.
I understand the point of having 2 different accounts in AD (thanks
for that) and will just use <fqdn>-http for kerberos and advise the
guys to never reset the account and hope they remember.
Thank you for your time with this Markus, I appreciate it.
James
Received on Sat Jan 07 2012 - 02:10:08 MST
This archive was generated by hypermail 2.2.0 : Sat Jan 07 2012 - 12:00:02 MST