Key version fun

Ted Kaczmarek tedkaz at optonline.net
Wed May 11 07:37:26 EDT 2005


I can specify a key version when adding a principal, but when adding a
keytab entry the created key's version does not match the created
principals sometimes. It appears that if I delete all keys and host
principals and use --randkey when ank'ing them and enter them in the
same order it will use the same key version number. But, if I add the
principals all with a specified key version , the keytabs created will
not have the same version number specified in the policies.

This appears to be the majority of my kprop issues.


Also, the doc at 
http://web.mit.edu/kerberos/www/krb5-1.4/krb5-1.4.1/doc/krb5-
install/Extract-Host-Keytabs-for-the-KDCs.html#Extract%20Host%20Keytabs%
20for%20the%20KDCs

states that each KDC needs a keytab, but it leaves it very vague whether
that keytab includes just the local kdc or all the kdc's. Can someone
clarify this. 

Regards,
Ted



More information about the Kerberos mailing list