service name? key versions?

Steve Langasek vorlon at
Tue Sep 10 13:41:09 EDT 2002

On Tue, Sep 10, 2002 at 11:54:25AM -0500, Rick wrote:
> I'm new to kerberos and don't know why I'm having this problem.

> # ktadmin.local
> #addprinc -kvno 3 -pw user1 user1
> #addprinc -kvno 3 -pw user2 user2
> #addprinc -kvno 3 -pw service svc/
> #ktadd -k /usr/..... keytab svc/

> All this works fine.  When I go to a client, this is what I get.

> c:\kinit user1
> this works fine

> c:\kinit user2
> this works fine

> c:\kinit svc/
> password incorrect while getting initial credentials.

> ... and yes I typed it right.

> #getprinc svc/

> now shows the key version number to be 4.  Why does ktadd change the key
> version number.  Is there a document somewhere which describes key versions.
> The installation and system admin guides don't really say anything about it.

Because "ktadd" means "generate a new random key for this principal, and 
store this shared key in the specified keytab".  If you run 'ktadd', the 
password changes -- you cannot use a principal in this manner and still 
use a password to request tickets for that principal.

Steve Langasek
postmodern programmer

More information about the Kerberos mailing list