Win2k3 SP1 ktpass problem.

Jeffrey Altman jaltman2 at nyc.rr.com
Fri Sep 9 07:29:58 EDT 2005 

Is the correct kvno value being written to the keytab entry?

Use the KFW kvno.exe <service-principal> command to find out what
kvno the service principal is using.   Then include that value in
the ktpass.exe command line with the -kvno <kvno> command line
option.

Jeffrey Altman


Srini wrote:
> Hi,
> 
> I have used the below command to extract the keytab. You can see that i
> have specified the enctype correctly. Please let me know whether i need
> to specify any other option to ktpass.
> 
> ktpass -mapuser user at xxx.com -princ test/host.xxx.com at XXX.COM +DesOnly
> -pass helloworld  -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-MD5 -out
> "c:\krb5.keytab"
> 
> I am using the user account and not the computer account.
> 
> Thanks,
> Srini
> 
> Jeffrey Altman wrote:
> 
>>Are you specifying the correct kvno and are you extracting
>>the correct enctype?   2K3 SP1 supports the export of RC4-HMAC
>>keys and that might be the new default.
>>
>>Jeffrey Altman
>>
>>
>>Srinivas Cheruku wrote:
>>
>>>Hi,
>>>
>>>I am using Win2k3 as my KDC.
>>>
>>>I was using the keytab extracted from Win2k3 ktpass
>>>and it was working fine with my GSS applications. I
>>>have upgraded to Win2k3 SP1 and now when i use ktpass
>>>of Win2k3 SP1 to extract the keytab and use it with my
>>>GSS application, i am getting error on the GSS server
>>>while accepting the context as "Decrypt integrity
>>>check failed".
>>>
>>>Can anyone encountered this problem with the keytab
>>>created with win2k3 sp1 ktpass?
>>>Can anyone help me to fix this issue?
>>>
>>>Thanks and Regards,
>>>Srini
>>>
>>>
>>>
>>>
>>>______________________________________________________
>>>Click here to donate to the Hurricane Katrina relief effort.
>>>http://store.yahoo.com/redcross-donate3/
>>>________________________________________________
>>>Kerberos mailing list           Kerberos at mit.edu
>>>https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>
>>--
>>-----------------
>>This e-mail account is not read on a regular basis.
>>Please send private responses to jaltman at mit dot edu
> 
> 

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu

More information about the Kerberos mailing list