service name? key versions?

Rick mail at
Tue Sep 10 12:54:25 EDT 2002

I'm new to kerberos and don't know why I'm having this problem.

# ktadmin.local
#addprinc -kvno 3 -pw user1 user1
#addprinc -kvno 3 -pw user2 user2
#addprinc -kvno 3 -pw service svc/
#ktadd -k /usr/..... keytab svc/

All this works fine.  When I go to a client, this is what I get.

c:\kinit user1
this works fine

c:\kinit user2
this works fine

c:\kinit svc/
password incorrect while getting initial credentials.

... and yes I typed it right.

#getprinc svc/

now shows the key version number to be 4.  Why does ktadd change the key
version number.  Is there a document somewhere which describes key versions.
The installation and system admin guides don't really say anything about it.

Why is the service treated differently?  How many key versions does the
server have/support?  How are they setup?

Thanks in advance.

More information about the Kerberos mailing list