You can use this post to create a KeyTab file for your application to use SSO.
The details of the sample setup are:
Domain: test.zz
User: srviceuser1
Password: HDPw8912hs17!/hsd7
URL: auth-test.service.test.zz
Required encryption: AES256
Command:
ktpass -out c:\auth-test.keytab -princ HTTP/auth-test.test.zz@TEST.ZZ -mapuser srviceuser1 -pass HDPw8912hs17!/hsd7 -kvno 0 -ptype KRB5_NT_PRINCIPAL -crypto AES256-SHA1
If another type of encryption is needed, you should have a look at the following article:
You can verify that the SPN is applied to the account using the following command:
setspn -L srviceuser1
The last thing we have to do is enable AES256 encryption support on the account srviceuser1. Open Active Directory Users and Computers, open the properties of srviceuser1, go to the Account tab and select the following checkbox under Account options: “This account supports Kerberos AES 256 bit encryption”
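To confirm what ktpass actually wrote, the keytab file can be parsed before it is handed to the application. The Python below is an added example, not part of the original post: it reads the standard version 0x0502 keytab layout and reports any entry that is not an AES256 key for the expected principal. The function names are illustrative, and the sample entry is constructed with an all-zero key.

```python
import struct
# Added example: helper names are illustrative. Dict keys are Kerberos enctype numbers.
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def _counted(buf, off):  # 16-bit length-prefixed field -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise ValueError("truncated keytab field")
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype, key_length) for each live keytab entry."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,), pos = struct.unpack_from(">i", data, pos), pos + 4
        if size <= 0:                       # negative size marks a deleted slot
            pos -= size
            continue
        rec, pos = data[pos:pos + size], pos + size
        (ncomp,), off, names = struct.unpack_from(">H", rec, 0), 2, []
        for _ in range(ncomp + 1):          # realm first, then the name components
            field, off = _counted(rec, off)
            names.append(field.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", rec, off)  # 11 bytes
        key, off = _counted(rec, off + 11)
        if len(rec) - off >= 4:             # optional 32-bit kvno wins when nonzero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno,
                        ENCTYPES.get(etype, f"etype-{etype}"), len(key)))
    return entries

def check_keytab(data, principal, required="aes256-cts-hmac-sha1-96"):
    """Return a list of problems; an empty list means the keytab is as expected."""
    entries = parse_keytab(data)
    problems = [f"unexpected {t} key for {p} (kvno {k})"
                for p, k, t, _ in entries if t != required]
    if not any(p == principal and t == required for p, _, t, _ in entries):
        problems.insert(0, f"no {required} key for {principal}")
    return problems

def sample_keytab(etype, keylen):  # constructed: page's principal, kvno 0, all-zero key
    names = [b"TEST.ZZ", b"HTTP", b"auth-test.test.zz"]
    body = struct.pack(">H", 2) + b"".join(struct.pack(">H", len(n)) + n for n in names)
    body += struct.pack(">IIBHH", 1, 0, 0, etype, keylen) + bytes(keylen) + bytes(4)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

print(check_keytab(sample_keytab(23, 16), "HTTP/auth-test.test.zz@TEST.ZZ"))
```

For a real file, pass the bytes of c:\auth-test.keytab to check_keytab. The keytab holds the account's long-term key, so it should be handled like the password itself.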