__END__
+=for stopwords
+KDC LDAP MacAllister keytab keytabs msktutil ldapsearch
+
=head1 NAME
ad-keytab
This script is a wrapper around msktutil and ldapsearch to simplify
the creation of host and service keytabs. The script is useful for
-boot strapping the kerberos credentials required to use Active
+boot strapping the Kerberos credentials required to use Active
Directory as a backend keytab store for wallet. The script shares
the wallet configuration file.
This is either host principal name of the form host/<fqdn> or a
service principal name of the form service/<id>. Service keytab
identifiers cannot be longer than 18 characters because of an
-ActiveDirectory restriction.
+Active Directory restriction.
=item keytab-filename
=item --user_rdn=dn
-The relative distinguished name to use as the base DN for ldap
+The relative distinguished name to use as the base DN for LDAP
searches of Active Directory for service keytabs. The distinguished
name formed will be user_rdn_rdn,base_dn.