Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id 382383F0F3; Fri, 5 Mar 2010 18:26:17 -0500 (EST) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id o25NQHhG015258; Fri, 5 Mar 2010 18:26:17 -0500 Received: from mailhub-dmz-2.mit.edu (MAILHUB-DMZ-2.MIT.EDU [18.7.62.37]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id o25KinC9025132 for ; Fri, 5 Mar 2010 15:44:49 -0500 Received: from dmz-mailsec-scanner-3.mit.edu (DMZ-MAILSEC-SCANNER-3.MIT.EDU [18.9.25.14]) by mailhub-dmz-2.mit.edu (8.13.8/8.9.2) with ESMTP id o25KhT5q003557 for ; Fri, 5 Mar 2010 15:44:49 -0500 X-Auditid: 1209190e-b7bbeae000000d46-d7-4b916d4091c4 Received: from sh1.exchange.ms (sh1.exchange.ms [64.71.238.63]) by dmz-mailsec-scanner-3.mit.edu (Symantec Brightmail Gateway) with SMTP id 3A.26.03398.04D619B4; Fri, 5 Mar 2010 15:44:48 -0500 (EST) Received: from outbound.mse3.exchange.ms (unknown [10.0.25.203]) by sh1.exchange.ms (Postfix) with ESMTP id 6181B2D88D9 for ; Fri, 5 Mar 2010 15:45:13 -0500 (EST) X-Mimeole: Produced By Microsoft Exchange V6.5 X-CR-Puzzleid: {4B923E62-7D6D-48AE-9D89-38490853054D} MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-CR-Hashedpuzzle: AUWC AhsE BNwo DnXE D8a/ FUDZ FVKY F3kY GLnR GOXg GZqY Gxg9 HL19 HP0l HuXD H3PR; 1; awByAGIANQAtAGIAdQBnAHMAQABtAGkAdAAuAGUAZAB1AA==; Sosha1_v1; 7; {4B923E62-7D6D-48AE-9D89-38490853054D}; YQBiAGUAcgByAHkAQABsAGkAawBlAHcAaQBzAGUALgBjAG8AbQA=; Fri, 05 Mar 2010 20:42:03 GMT; WwBrAHIAYgBkAGUAdgAuAG0AaQB0AC4AZQBkAHUAIAAjADYANgA3ADMAXQAgAFMANABVADIAUAByAG8AeAB5ACAAYQBuAGQAIABrAHYAbgBvACAAZQByAHIAbwByAA== Content-Class: urn:content-classes:message Date: Fri, 5 Mar 2010 15:42:03 -0500 Message-ID: <23447137FA0DAA4D95EF535FF356BE46041C888E@mse3be2.mse3.exchange.ms> In-Reply-To: X-MS-Has-Attach: X-MS-Tnef-Correlator: Thread-Topic: [krbdev.mit.edu #6673] S4U2Proxy and kvno error Thread-Index: Acq8ogcEtekO9AH4TVy+erKnNXrgqAAAGFFw References: From: "Arlene Berry" To: Subject: [krbdev.mit.edu #6673] S4U2Proxy and kvno error X-Brightmail-Tracker: AAAAARMqGeA= Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id o25KinC9025132 X-Mailman-Approved-At: Fri, 05 Mar 2010 18:26:16 -0500 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 519 We've found it necessary to have 7 variations of the principal name as Active Directory could issue a service ticket for any of them. If the host's FQDN is comp1.domain.com, the sAMAccountName is COMP1$ and the realm is REALM.COM, we store keytab entries for the following list of principals for each supported encryption type: COMP1$@REALM.COM host/COMP1@REALM.COM host/comp1@REALM.COM host/comp1.domain.com@REALM.COM host/COMP1.DOMAIN.COM@REALM.COM host/COMP1.domain.com@REALM.COM host/comp1.DOMAIN.COM@REALM.COM