Key version number for principal in key table is incorrect

Jeffrey Altman jaltman2 at nyc.rr.com
Wed Dec 21 06:21:14 EST 2005


sandypossible at gmail.com wrote:
> Hi all,
> 
> I have seen the earlier replies to the similar issues and tried to
> debug myself. Could not solve the issue, so posting once again.
> 
> I am trying to run the gss api sample applications using windows 2003
> server. I have two linux machines and I am trying to run gss sample
> server and client applications. I have set the default enc types to
> des-cbc-crc and des-cbc-md5 in the krb5.conf file. 

There should be no reason why you want or need to restrict the
enctypes in a krb5.conf file.   Doing so will only create a severe
maintenance problem once you realize that DES encryption is too weak
for continued use.

> I have created a
> keytab file entry for sample using ktpass.

What command line did you use?

> I have verified that klist
> -ke gives the des-cbc-crc key versions. I have captured the trace and
> verified that windows 2003 KDC is returning the enc types "des-cbc-crc"
> in the AS-REP.
> 
> I have created the keytab file only once for sample/<fqdn>. But when I
> try to connect to the sample server, I get the error: Key version
> number for principal in key table is incorrect.

This is because you did not specify the correct kvno value when you
executed ktpass.exe.   Before executing ktpass.exe, use the "kvno"
tool to determine what key version number is being issued by Active
Directory.

> Could anybody please help.
> 
> - Sandy
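
The check described in the reply above, as an added example that is not part of the original thread: it compares the key version number stored in a keytab with the one the KDC issues for the same service principal. The realm EXAMPLE.COM, the host name and the sample command output are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the kvno held in a keytab with the kvno the KDC issues.
# The sample texts are constructed. On a real host they would come from
#   klist -k <keytab>   (without -t)   and   kvno <principal>   (after kinit)

SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   1 sample/host.example.com@EXAMPLE.COM (des-cbc-crc)'

SAMPLE_KVNO='sample/host.example.com@EXAMPLE.COM: kvno = 3'

# Print every kvno the keytab listing (stdin) holds for principal $1.
keytab_kvnos() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $2 == p { print $1 }' | sort -un
}

# Print the kvno the KDC reported (kvno output on stdin) for principal $1.
kdc_kvno() {
    awk -v p="$1:" '$1 == p && $2 == "kvno" { print $4 }'
}

# check_kvno PRINCIPAL KLIST_TEXT KVNO_TEXT
# returns 0 = keytab holds the KDC's kvno, 1 = mismatch, 2 = data missing
check_kvno() {
    kt=$(printf '%s\n' "$2" | keytab_kvnos "$1")
    kdc=$(printf '%s\n' "$3" | kdc_kvno "$1")
    if [ -z "$kt" ] || [ -z "$kdc" ]; then
        echo "no kvno found for $1 in keytab or KDC output"
        return 2
    fi
    for v in $kt; do
        if [ "$v" = "$kdc" ]; then
            echo "OK: keytab holds kvno $kdc for $1"
            return 0
        fi
    done
    # This is the state that produces the error in the subject line.
    echo "MISMATCH: KDC issues kvno $kdc, keytab holds: $(echo $kt)"
    return 1
}

# Constructed mismatch case: keytab has kvno 1, KDC issues kvno 3.
check_kvno 'sample/host.example.com@EXAMPLE.COM' "$SAMPLE_KLIST" "$SAMPLE_KVNO" || true
```

A mismatch means the keytab has to be regenerated with the kvno the KDC reports.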
