Windows 2003 and kvno in tickets

Douglas E. Engert deengert at anl.gov
Wed Jan 14 17:22:09 EST 2004


We recently upgraded one of our Windows AD servers to 2003. We have a 
number of service principals registered in AD which are for services run 
on UNIX. Some users where having problems using these services. 

It appears that 2003 AD now supports key version numbers in tickets. The 
upgraded server is issuing tickets with kvnos other then zero, while the 
others are always using zero.
 
It is not clear where it got the kvno to use, as the entries where all added 
prior to the upgrade, and I don't recall entring in these kvnos in the ktpass 
command when we defined these principals.

We have not found the AD command to look at what kvno is in the AD.
Anyone know the command? 


-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444


More information about the Kerberos mailing list