Key version number for principal in key table is incorrect - windows 2003 + linux clients

sandypossible@gmail.com sandypossible at gmail.com
Wed Dec 21 07:25:25 EST 2005


Hi ,

There should be no reason why you want or need to restrict the
enctypes in a krb5.conf file.   Doing so will only create a severe
maintenance problem once you realize that DES encryption is too weak
for continued use.
>> Do you mean that there is no need to specify the default_xxx_enctypes in conf file ?
Could you please confirm ?

 What command line did you use?
>>c:\>ktpass -princ sample/linux.kerb.com at KERB.COM -mapuser sample -pass <password>  -out sample.keytab

This is because you did not specify the correct kvno value when you
executed ktpass.exe.   Before executing ktpass.exe using the "kvno"
tool to determine what key version number is being issued by Active
Directory.
>> I tried to use kvno on windows 2003 to find the version number, but it was asking for ccache. I didnt know what to give for ccache. Could you please tell me how to use it ?

- Sandy.




More information about the Kerberos mailing list