On Fri, Apr 24, 2015 at 04:46:55PM -0400, Greg Hudson wrote: > On 04/24/2015 03:37 PM, Ben H wrote: > > Why not simply use host/serverA.domain.com for both services? > > At a protocol level, it's to support privilege separation on the server. > The CIFS server doesn't need access to the LDAP server key and vice versa.
And, to a lesser extent, to prevent users from getting redirected from one service to another. Nico -- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
