Windows 2003 and kvno in tickets
Bala Viswanathan
balav at lsil.com
Thu Jan 15 13:47:43 EST 2004
On Thu, 15 Jan 2004, Douglas E. Engert wrote:
> I was hoping someone knew how the Windows admin could find the kvno in AD.
> The MS 2000 ktpass -kvno says you can add it, but it is not clear if this
> updates the AD or is only used to create a keytab file. Our Windows
> admins says the 2003 ktpass is not out yet.
>
> The MIT kvno shows the keys, but that is from the client side.
IIRC, the ktpass utility does output the kvno value. You can
also get the kvno value by looking up the value of the
"msDS-KeyVersionNumber" attribute of the corresponding account in AD (managed
by Windows Server 2003).
Bala
More information about the Kerberos
mailing list