Key version number for principal in key table is incorrect

Calin Barbat c.barbat at osram.de
Tue Oct 12 05:27:40 EDT 2004


Hello again,

I found out (Matt suggested this a long time ago, now I gave it 
attention) that issuing a:

kinit -k -t <local_keytab> <principal>

seems to get a fresh ticket from the KDC  and  is suitable to be run 
from crontab, as it doesn't ask the user for a password.

Does this solve the first issue below, or do I still need to signal it 
somehow to the SAP server that the ticket got renewed?

Calin.

Barbat, Calin wrote:

>Hi to the experts,
>
>I have a somewhat special setup here, some of you are in the know of it:
>
>I have three hosts running SAP servers under Linux, Win2k Server and SunOS respectively and am trying to make single sign-on working using MIT Kerberos.
>All three are connected to an Win2k DC. 
>
>There are two issues left to do: ensure that the servers are up and running as long as possible - somehow it must be possible to renew the ticket indefinitely, does anyone know how to do this?
>
>The second one is that the SAP server writes the following GSSAPI message in it's log: "Key version number for principal in key table is incorrect".
>What could it be? The output of ktpass states that vno is 1 and ktutil on the Linux box says KVNO is 1 too.
>
>By the way: all three SAP servers use the same service principal in the AD, could this be an issue?
>
>Thanks in advance,
>
>Calin Barbat.
>
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
>  
>




More information about the Kerberos mailing list