You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/18 00:45:59 UTC
svn commit: r1625842 - /tomcat/trunk/webapps/docs/windows-auth-howto.xml
Author: markt
Date: Wed Sep 17 22:45:58 2014
New Revision: 1625842
URL: http://svn.apache.org/r1625842
Log:
Answer an outstanding question and add some additional info
Modified:
tomcat/trunk/webapps/docs/windows-auth-howto.xml
Modified: tomcat/trunk/webapps/docs/windows-auth-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/windows-auth-howto.xml?rev=1625842&r1=1625841&r2=1625842&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/windows-auth-howto.xml (original)
+++ tomcat/trunk/webapps/docs/windows-auth-howto.xml Wed Sep 17 22:45:58 2014
@@ -62,11 +62,15 @@ exactly else authentication will fail. A
debug logs in this case.</li>
<li>The client must be of the view that the server is part of the local trusted
intranet.</li>
+<li>The SPN does not have to start with HTTP but the SPN must be the same in all
+the files it is used.</li>
+<li>If you want multiple SPNs mapped to the same domain user then each SPN must
+use a unique prefix such as <code>HTTP01/...</code>, <code>HTTP02/...</code>,
+etc.</li>
</ul>
<p>The areas where further testing is required include:</p>
<ul>
<li>Does the domain name have to be in upper case?</li>
-<li>Does the SPN have to start with HTTP/...?</li>
<li>Can a port number be appended to the end of the host in the SPN?</li>
<li>Can the domain be left off the user in the ktpass command?</li>
<li>What are the limitations on the account that Tomcat can run as? SPN
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org