Solaris 10 + pam_krbs + Active Directory.. What am I doing wrong?

SirBob Shark___007 shark___007 at
Mon Mar 6 09:21:37 EST 2006

This worked 100% and fixed the problem!

>Co-worker Shawn Emery wrote the following when dealing with a similar
>    One thing I noticed from the error message was that the "New
>    password cannot be zero length" is mapped to the
>    KRB5_KT_KVNONOTFOUND error return value.  Which means that the keys
>    for host/ in their /etc/krb5/krb5.keytab file does not
>    match those that are found in AD.  Check to make sure that the
>    Windows ktpass executable is not pre-w2k3, there is a known issue
>    with it that always sets the key version numbers (kvno) to 1, while
>    the w2k3+ AD server now enforces correct kvnos.
>Will Fiveash
>Sun Microsystems Inc.
>Austin, TX, USA (TZ=CST6CDT)

More information about the Kerberos mailing list