I just want to find out what the purpose of mapping a user to a service using ktpass is. For example, I am on Windows and I run ktpass like this:
ktpass -out <keytab location> -princ <myservice/domain.com> -mapUser userA@domain.com -mapOp add .........
When we map a user to the -princ, does it mean that only "userA" can authenticate the service? And how do we use the -add and -set options? What is the difference?
My issue is this: I have many users wanting to use a service I have and authenticate through Kerberos (JAAS Krb5LoginModule), but I don't want to specify many user principal names in the jaas.config file. So I am thinking of using an SPN instead, and mapping the users who are authorized to use the service. Is that the way to enable my users to use a kerberized service?
Thanks