kinit request on keytab fails using 2K3sp1 KDC
Richard E. Silverman
res at qoxp.net
Wed Mar 22 17:14:02 EST 2006
>>>>> "TA" == "Tim Alsop" <Tim.Alsop at cybersafe.com> writes:
TA> It seems that the sp1 version of ktpass stores a key with a
TA> specific kvno in the keytab file, and the kvno in the domain
TA> controller for the same principal is different. This is why you
TA> cannot use the keytab file to authenticate.
Yes; it always sets the kvno in the keytab it writes to 1, regardless of
the value in the KDB (which of course changes each time the key is
extracted). So, you can only use the keytab the first time you extract
it. If you have to do it again, just delete the principal and re-create
it.
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list