Key version fun
Ted Kaczmarek
tedkaz at optonline.net
Wed May 11 07:37:26 EDT 2005
I can specify a key version when adding a principal, but when adding a
keytab entry the created key's version does not match the created
principals sometimes. It appears that if I delete all keys and host
principals and use --randkey when ank'ing them and enter them in the
same order it will use the same key version number. But, if I add the
principals all with a specified key version , the keytabs created will
not have the same version number specified in the policies.
This appears to be the majority of my kprop issues.
Also, the doc at
http://web.mit.edu/kerberos/www/krb5-1.4/krb5-1.4.1/doc/krb5-
install/Extract-Host-Keytabs-for-the-KDCs.html#Extract%20Host%20Keytabs%
20for%20the%20KDCs
states that each KDC needs a keytab, but it leaves it very vague whether
that keytab includes just the local kdc or all the kdc's. Can someone
clarify this.
Regards,
Ted
More information about the Kerberos
mailing list