svn commit: r1625842 - /tomcat/trunk/webapps/docs/windows-auth-howto.xml

[ma...@apache.org]

Author: markt
Date: Wed Sep 17 22:45:58 2014
New Revision: 1625842

URL: http://svn.apache.org/r1625842
Log:
Answer an outstanding question and add some additional info

Modified:
    tomcat/trunk/webapps/docs/windows-auth-howto.xml

Modified: tomcat/trunk/webapps/docs/windows-auth-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/windows-auth-howto.xml?rev=1625842&r1=1625841&r2=1625842&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/windows-auth-howto.xml (original)
+++ tomcat/trunk/webapps/docs/windows-auth-howto.xml Wed Sep 17 22:45:58 2014
@@ -62,11 +62,15 @@ exactly else authentication will fail. A
 debug logs in this case.</li>
 <li>The client must be of the view that the server is part of the local trusted
 intranet.</li>
+<li>The SPN does not have to start with HTTP but the SPN must be the same in all
+the files it is used.</li>
+<li>If you want multiple SPNs mapped to the same domain user then each SPN must
+use a unique prefix such as <code>HTTP01/...</code>, <code>HTTP02/...</code>,
+etc.</li>
 </ul>
 <p>The areas where further testing is required include:</p>
 <ul>
 <li>Does the domain name have to be in upper case?</li>
-<li>Does the SPN have to start with HTTP/...?</li>
 <li>Can a port number be appended to the end of the host in the SPN?</li>
 <li>Can the domain be left off the user in the ktpass command?</li>
 <li>What are the limitations on the account that Tomcat can run as? SPN



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org