Solaris 10 + pam_krbs + Active Directory.. What am I doing wrong?
SirBob Shark___007
shark___007 at hotmail.com
Mon Mar 6 09:21:37 EST 2006
This worked 100% and fixed the problem!
>Co-worker Shawn Emery wrote the following when dealing with a similar
>problem:
>
> One thing I noticed from the error message was that the "New
> password cannot be zero length" is mapped to the
> KRB5_KT_KVNONOTFOUND error return value. Which means that the keys
> for host/vbi.nm.nh.bar in their /etc/krb5/krb5.keytab file does not
> match those that are found in AD. Check to make sure that the
> Windows ktpass executable is not pre-w2k3, there is a known issue
> with it that always sets the key version numbers (kvno) to 1, while
> the w2k3+ AD server now enforces correct kvnos.
>
>--
>Will Fiveash
>Sun Microsystems Inc.
>Austin, TX, USA (TZ=CST6CDT)
More information about the Kerberos
mailing list