Kerberos service principal

UCS - Univention Corporate Server
#1

Hello

after I create a computer object, can I then manually (via ‘kadmin -l’ on master DC) add/create a custom service principal for that host (i.e. HTTP/hostname) or will it break something, meaning it is unsupported? Reason for it is to use the KDC to provide kerberos auth for an external webserver.

Thanks in advance for any advice

#2

Please check this article for more information about service principal handling in UCS

#3

I don’t run samba/AD, only kerberos/ldap.

# type univention-s4search
-bash: type: univention-s4search: not found

So can I use native kerberos (heimdal) tools/commands or do I have to deploy samba modules etc …?

Mastodon