[39489] in Kerberos
Re: spn alias
daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Thu Mar 6 11:59:09 2025
MIME-Version: 1.0
In-Reply-To: <42e99884-8cae-4664-9f29-79cd49c5c5e7@kania-online.de>
From: Jeffrey Hutzelman <jhutz@cmu.edu>
Date: Thu, 6 Mar 2025 11:57:49 -0500
Message-ID: <CALF+FNxM=H=h=Ux0KSeJ7iy+KDrZL36GEESfcaWfZPBx77wMiQ@mail.gmail.com>
To: Stefan Kania <stefan@kania-online.de>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
What LDAP server software are you using?
On Thu, Mar 6, 2025 at 11:44 AM Stefan Kania <stefan@kania-online.de> wrote:
> hi to all,
> is it possible to set an alais for the spn? We still having the problem
> doing kerberos authentication through a loadbalancer. We created a
> principal for the loadbalancer and a keytab. We then added the key to
> the ldap-keytab file, so we are having both, the ldap key for the server
> and the ldap key for the loadbalancer in one file. This file we use as
> keytab for the ldap-server. the client connets to the loadbalancer (with
> ldapsearch) and we are getting "err=49" and the log is showing that the
> spn is wrong. So we think with an alias for the spn for the loadbalancer
> it might work. Or is there any other way to get the
> kerberos-authentication through the loadbalancer?
>
> Stefan
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
