Now we need to create a "machine" credential for the Linux NFS client. Currently, Linux 2.6 requires a credential of form:

nfs/hostname@REALM-NAME

You must create a principal as type User. Do NOT create the principal as type Computer. Microsoft's Kerberos Interoperability document says:

Use the Active Directory Management tool to create a new user account for the UNIX host:
* Select the Users folder, right-click and select New, then choose user.
* Type the name of the UNIX host.

We are ultimately going to create a principal of form nfs/hostname@REALM. Above describes host/hostname@REALM.

我们将这个用户起名为 nfsH3CStor (此处用户名随意，我们使用 servicenameHostname 命名)。

The next step requires opening a Command Prompt window on the Windows 2000 server, and mapping nfsScully to its real machine principal,

nfs/h3cstor.tango.osqdu.org@TANGO.OSQDU.ORG

The command to do is ktpass, and it is invoked as:

ktpass -princ nfs/h3cstor.tango.osqdu.org@TANGO.OSQDU.ORG -mapuser nfsScully -pass XXXXXXXX -out h3cnfs.keytab

想办法把这个文件拷贝到 Linux 机器上， kinit 需要用这个文件。