[krbdev.mit.edu #2882] Windows 2003 SP1 ktpass.exe generate keytab files fail to load with 1.4
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Fri Jan 14 15:38:19 EST 2005
It appears there is no problem with the keytab processing code in 1.4.
The problem is incorrect data being generated by ktpass.exe given
certain state. I caused the program to crash as well. I assume that
memory overwrites within the program were generating bad data.
The version information follows:
--a-- W32i APP ENU 5.2.3790.1218 shp 86,528 07-26-2004 ktpass.exe
I have sent a crash report to Microsoft.
In the meantime, it should be noted that if you ever alter the mapped
SPN or change the use of the "DES only" flag on an account, you MUST
reset the password on the account in the Active Directory tool.
Otherwise, ktpass will generate bad data.
The password and kvno input to ktpass will not produce the correct
result. Make sure that the kvno of the account increments when the
reset password is performed. If it doesn't, you will need to do it again.
There is another problem I need to look into. The use of the
KRB5_KTNAME environment variable is being ignored on Windows.
More information about the krb5-bugs
mailing list