kerberos - Purpose of mapuser in ktpass -

-

i want find out purpose of mapping user service using ktpass is. example on windows , run ktpass this

ktpass -out <keytab location> -princ <host/domain.com> -mapuser useraccount@domain.com -mapop add .........

when map user -princ mean "useraccount" can authenticate service? , how use -add , -set option? difference.?

my issue this: have many users wanting use service have, , authenticate through kerberos (jass krb5loginmodule) don't want specify many user principal names in jaas.config file. thinking of using spn instead, , mapping users.

cheers

option -mapuser useraccount@domain.com tells ktpass store 'principal' in attribute userprincipalname of user in active directory, active directory able find it, when clients ask kerberosserviceticket 'principal' , issue such ticket.

-mapuser specifies name of user, represents service in active directory.

using ktpass you're doing 2 things: generating keytab service (so open kerberos tickets received clients, i.e. authenticate them), , registering principal in active directory (so clients tickets service @ all).

in jaas.config file specify 1 principal name (for service), not clients. once user logs active directory domain, he/she has right service ticket service.


Comments

Post a Comment

Popular posts from this blog

python - Subclassed QStyledItemDelegate ignores Stylesheet -

-
i'm trying subclass qstyleditemdelegate remove focus rectangle in qcombobox . even though i'm calling base implementation of paint function , nothing else, result different. looks if parts of style-sheet influence bounding box of item taken consideration. class pstyleditemdelegate(qstyleditemdelegate): def __init__(self, *args, **kwds): super(pstyleditemdelegate, self).__init__(*args, **kwds) def paint(self, *args, **kwargs): qstyleditemdelegate.paint(*args, **kwargs) what have paint unmodified qstyleditemdelegate ? as suggested tried replacing pyside pyqt4 , works, appears bug. update pyside 1.1.2 1.2.1 result same. unfortunately switch breaks other parts of code, if there no other suggestions i'm going accept answer. edit bug tracked here
Read more

java - HttpClient 3.1 Connection pooling vs HttpClient 4.3.2 -

-
i have used httpclient3.1(java) connection pooling below : import org.apache.commons.httpclient.httpclient; import org.apache.commons.httpclient.multithreadedhttpconnectionmanager; import org.apache.commons.httpclient.params.httpclientparams; import org.apache.commons.httpclient.params.httpmethodparams; import org.apache.log4j.logger; public class httpclientmanager { private static logger logger = logger.getlogger(httpclientmanager.class); private static multithreadedhttpconnectionmanager connectionmanager = new multithreadedhttpconnectionmanager(); private static httpclientparams clientparams = new httpclientparams(); static { try { clientparams.makelenient(); clientparams.setauthenticationpreemptive(false); clientparams.setparameter(httpmethodparams.so_timeout, new integer(30000)); // set so_timeout clientparams.setparameter(httpmethodparams.head_body_check_timeout, new integer(3000)); // head responses
Read more

SQL: Divide the sum of values in one table with the count of rows in another -

-
is possible to, in single query, sum bunch of values in 1 table, , divide count of rows in another? there common id/key in both tables... fyi, win points least info provided in question. answer it's possible...here psuedo code since i'm guessing @ tables , columns select summing / counting whynot (select id, sum(whatever) summing where_ever ) inner join (select id, count(1) counting what_ever)b on a.id = b.id question = 'vague' group a.id
Read more