Win2k3 SP1 ktpass problem.

Srinivas Cheruku srinivas.cheruku at gmail.com
Thu Sep 22 01:55:13 EDT 2005


Hi Jeffrey Altman,

As you have told i have checked the kvno.

kvno in keytab = 2
kvno in service ticket = 2
There is no difference with the kvno in keytab as well as in the service 
ticket.

Before extracting the keytab using Win2k3 SP1 ktpass, i reset the 
password of that user account then extract keytab using ktpass. This 
keytab is working fine without any errors.

Can you please let me know whether we need to always reset the password 
before running Win2k3 SP1 ktpass?
Is this a bug in MS Win2k3 SP1 ktpass?
Did you observe the same behaviour with the keytab extracted with Win2k3 
SP1 ktpass?

Thanks,
Srini

Jeffrey Altman wrote:
 > Is the correct kvno value being written to the keytab entry?
 >
 > Use the KFW kvno.exe <service-principal> command to find out what
 > kvno the service principal is using.   Then include that value in
 > the ktpass.exe command line with the -kvno <kvno> command line
 > option.
 >
 > Jeffrey Altman
 >
 >
 > Srini wrote:
 > > Hi,
 > >
 > > I have used the below command to extract the keytab. You can see that i
 > > have specified the enctype correctly. Please let me know whether i need
 > > to specify any other option to ktpass.
 > >
 > > ktpass -mapuser user at xxx.com -princ test/host.xxx.com at XXX.COM +DesOnly
 > > -pass helloworld  -ptype KRB5_NT_PRINCIPAL -crypto DES-CBC-MD5 -out
 > > "c:\krb5.keytab"
 > >
 > > I am using the user account and not the computer account.
 > >
 > > Thanks,
 > > Srini
 > >
 > > Jeffrey Altman wrote:
 > >
 > >>Are you specifying the correct kvno and are you extracting
 > >>the correct enctype?   2K3 SP1 supports the export of RC4-HMAC
 > >>keys and that might be the new default.
 > >>
 > >>Jeffrey Altman
 > >>
 > >>
 > >>Srinivas Cheruku wrote:
 > >>
 > >>>Hi,
 > >>>
 > >>>I am using Win2k3 as my KDC.
 > >>>
 > >>>I was using the keytab extracted from Win2k3 ktpass
 > >>>and it was working fine with my GSS applications. I
 > >>>have upgraded to Win2k3 SP1 and now when i use ktpass
 > >>>of Win2k3 SP1 to extract the keytab and use it with my
 > >>>GSS application, i am getting error on the GSS server
 > >>>while accepting the context as "Decrypt integrity
 > >>>check failed".
 > >>>
 > >>>Can anyone encountered this problem with the keytab
 > >>>created with win2k3 sp1 ktpass?
 > >>>Can anyone help me to fix this issue?
 > >>>
 > >>>Thanks and Regards,
 > >>>Srini
 > >>>
 > >>>
 > >>>
 > >>>
 > >>>______________________________________________________
 > >>>Click here to donate to the Hurricane Katrina relief effort.
 > >>>http://store.yahoo.com/redcross-donate3/
 > >>>________________________________________________
 > >>>Kerberos mailing list           Kerberos at mit.edu
 > >>>https://mailman.mit.edu/mailman/listinfo/kerberos
 > >>>
 > >>
 > >>--
 > >>-----------------
 > >>This e-mail account is not read on a regular basis.
 > >>Please send private responses to jaltman at mit dot edu
 > >
 > >
 >
 > --
 > -----------------
 > This e-mail account is not read on a regular basis.
 > Please send private responses to jaltman at mit dot edu


More information about the Kerberos mailing list