service name? key versions?
Steve Langasek
vorlon at dodds.net
Tue Sep 10 13:41:09 EDT 2002
On Tue, Sep 10, 2002 at 11:54:25AM -0500, Rick wrote:
> I'm new to kerberos and don't know why I'm having this problem.
> # ktadmin.local
> #addprinc -kvno 3 -pw user1 user1
> #addprinc -kvno 3 -pw user2 user2
> #addprinc -kvno 3 -pw service svc/host.abc.com
> #ktadd -k /usr/..... keytab svc/host.abc.com
> All this works fine. When I go to a client, this is what I get.
> c:\kinit user1
> this works fine
> c:\kinit user2
> this works fine
> c:\kinit svc/host.abc.com
> password incorrect while getting initial credentials.
> ... and yes I typed it right.
> #getprinc svc/host.abc.com
> now shows the key version number to be 4. Why does ktadd change the key
> version number. Is there a document somewhere which describes key versions.
> The installation and system admin guides don't really say anything about it.
Because "ktadd" means "generate a new random key for this principal, and
store this shared key in the specified keytab". If you run 'ktadd', the
password changes -- you cannot use a principal in this manner and still
use a password to request tickets for that principal.
Steve Langasek
postmodern programmer
More information about the Kerberos
mailing list