Forum Discussion
Kevin_Stewart
Oct 07, 2018Employee
JoeTheFifth,
What do you mean by adding all spns ?
You can "overload" the keytab file by using the -in option with ktpass:
ktpass -princ -mapuser -ptype KRB5_NT_PRINCIPAL -pass 'password' -in -out c:\keytab.next
You'd run this command for each SPN, adding the resulting key information to the last keytab file.
If you want to avoid the initial 401 response you have to configue IE and Firefox for that
Even if you put the URL in the browser's trusted intranet sites list, I believe (specifically for Kerberos) that the browser still makes an initial anonymous request.