-1

I'm following this blog post: http://blog.springsource.com/2009/09/28/spring-security-kerberos/

It says:

For this to work, every web application needs to be registered at the Kerberos server and gets a service principal and a shared secret assigned. For web applications, the service principal must be "HTTP/@DOMAIN". For example "HTTP/web.springsource.com@SPRINGSOURCE.COM", if your app runs on web.springsource.com.

I have a 2k8 server on which I need to generate the ktpass. I access my application on this as http://localhost:8080/myapp

So in my case what would be my Service Principal and Domain? Is there a way to find out what the domain name is from command prompt of the 2k8 server?

Also, I log into the box using the Administrator username and deploy the app with this as well. So I'll generate the keytab file for Administrator, right?

birdy

2 Answers

3

"Is there a way to find out what the domain name is from command prompt of the 2k8 server?"

From a command prompt:

WMIC NTDOMAIN GET Description, CreationClassName, DNSForestName
TheCleaner
  • Thanks! I was able to generate the keytab file. However... I can't log in as Administrator with the same password I used earlier. Does generating a keytab file in any way change the password for the user? I did receive an output while generating the keytab that said `Warning: pType and Account type do not match. this might cause problems` – birdy Feb 06 '13 at 15:54
  • I have no idea on the springframework/keytab stuff...not my area of expertise. – TheCleaner Feb 06 '13 at 15:56
0

The domain info that you're looking for is the Kerberos domain that your server belongs to. In almost all cases with Windows, this is referring to your Active Directory domain (though, not always). If you're not using Active Directory, then it's the name of your *nix Kerberos Realm that your server participates in. If you don't have that either, then you don't have Kerberos. If you don't have Kerberos, then you can't have an SPN.

MDMarra
  • I am trying to test... right now I'm logging into the win2k8 server by remote desktop. How do I find out the Active Directory domain or whether Active Directory is set up? – birdy Feb 06 '13 at 15:29
  • When I log in as administrator it shows `foo.bar.some\Administrator`. Does that mean that's my domain? – birdy Feb 06 '13 at 15:32
  • I'm sorry, do you really not know if you're on an Active Directory domain or not? It seems like you're probably not the admin in charge of the machine, right? Maybe you should ask him/her for help... – MDMarra Feb 06 '13 at 15:33
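
The check discussed in this answer and its comments, as an added example that is not part of either answer or of the blog post: it reports whether the server is joined to an Active Directory domain and, if it is, prints the HTTP service principal in the "HTTP/host@REALM" form the quoted blog text gives. It assumes PowerShell 2.0 or later on the server; the function name `Get-HttpServicePrincipal` and its `HostName` parameter are hypothetical.

```powershell
# Added example: is this host domain-joined, and what would its HTTP
# service principal look like in the form "HTTP/<host FQDN>@<REALM>"?

function Get-HttpServicePrincipal {
    param(
        # DNS name clients use to reach the web app (assumption: defaults
        # to this machine's fully qualified name when not supplied).
        [string]$HostName
    )

    $cs = Get-WmiObject -Class Win32_ComputerSystem

    if (-not $cs.PartOfDomain) {
        # Workgroup machine: no Kerberos realm, so no SPN can be registered.
        Write-Warning "$($cs.Name) is in workgroup '$($cs.Workgroup)', not a domain."
        return $null
    }

    if (-not $HostName) {
        $HostName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    }

    # For an Active Directory domain the Kerberos realm is, by convention,
    # the domain's DNS name written in upper case.
    $realm = $cs.Domain.ToUpperInvariant()

    New-Object PSObject -Property @{
        Computer         = $cs.Name
        Domain           = $cs.Domain
        Realm            = $realm
        ServicePrincipal = "HTTP/$($HostName.ToLowerInvariant())@$realm"
    }
}

# Prints nothing but a warning on a workgroup machine.
Get-HttpServicePrincipal | Format-List
```

The principal is built from the host's DNS name rather than from `localhost`, because it has to match the name registered in the domain.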