Windows 2003 and kvno in tickets
Douglas E. Engert
deengert at anl.gov
Wed Jan 14 17:22:09 EST 2004
We recently upgraded one of our Windows AD servers to 2003. We have a
number of service principals registered in AD which are for services run
on UNIX. Some users where having problems using these services.
It appears that 2003 AD now supports key version numbers in tickets. The
upgraded server is issuing tickets with kvnos other then zero, while the
others are always using zero.
It is not clear where it got the kvno to use, as the entries where all added
prior to the upgrade, and I don't recall entring in these kvnos in the ktpass
command when we defined these principals.
We have not found the AD command to look at what kvno is in the AD.
Anyone know the command?
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list