Key version number for principal in key table is incorrect
c.barbat at osram.de
Tue Oct 12 05:27:40 EDT 2004
I found out (Matt suggested this a long time ago, now I gave it
attention) that issuing a:
kinit -k -t <local_keytab> <principal>
seems to get a fresh ticket from the KDC and is suitable to be run
from crontab, as it doesn't ask the user for a password.
Does this solve the first issue below, or do I still need to signal it
somehow to the SAP server that the ticket got renewed?
Barbat, Calin wrote:
>Hi to the experts,
>I have a somewhat special setup here, some of you are in the know of it:
>I have three hosts running SAP servers under Linux, Win2k Server and SunOS respectively and am trying to make single sign-on working using MIT Kerberos.
>All three are connected to an Win2k DC.
>There are two issues left to do: ensure that the servers are up and running as long as possible - somehow it must be possible to renew the ticket indefinitely, does anyone know how to do this?
>The second one is that the SAP server writes the following GSSAPI message in it's log: "Key version number for principal in key table is incorrect".
>What could it be? The output of ktpass states that vno is 1 and ktutil on the Linux box says KVNO is 1 too.
>By the way: all three SAP servers use the same service principal in the AD, could this be an issue?
>Thanks in advance,
>Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos