kinit request on keytab fails using 2K3sp1 KDC
David Telfer
david at 2fluid.co.uk
Thu Mar 23 06:27:13 EST 2006
David Telfer wrote:
> To determine the keytab kvno;
>
> # /usr/local/sbin/ktutil
> ktutil: rkt /etc/krb5.keytab
> ktutil: list
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
> 1 3 HTTP/connect.smg.plc.uk at SMG.PLC.UK
>
> This is the step I am unsure of, but I believe it indicates that the
> keytab also has a KVNO of 3. Is this correct?
>
To clarify this, I have realised that I was jumping through too many
hoops to determine the kvno of the keytab file.
I should have used;
#./klist -k /etc/krb5.keytab
This returns;
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 HTTP/connect.smg.plc.uk at SMG.PLC.UK
Indicating that both the Service Principal and keytab kvnos match. I
think it would be wise for me to restart the process so I can be sure
that the kvnos are starting at 1.
From the determined kvno information, I am worried that starting again
will not resolve my issue. Assuming that the kvno is reset to 1, using
kvno and klist to determine the version number should return similar
results to above, but showing the number to be 1. What would the
difference be and would it resolve the pre-authentication issue?
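
An added example, not part of the original post: a Python script that parses `klist -k` output and `kvno` output and reports, per principal, whether the keytab holds the key version the KDC issues. The sample text, the principal names and the helper function names are constructed for illustration.

```python
import re

# Constructed sample of `klist -k` output (not taken from the post).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 HTTP/web.example.com@EXAMPLE.COM
   3 HTTP/web.example.com@EXAMPLE.COM
   1 host/web.example.com@EXAMPLE.COM
"""

# Constructed sample of `kvno <principal>` output, one line per principal.
SAMPLE_KVNO = """\
HTTP/web.example.com@EXAMPLE.COM: kvno = 3
host/web.example.com@EXAMPLE.COM: kvno = 2
"""

def parse_klist(text):
    """Map each principal to the set of key versions held in the keytab."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+@\S+)\s*$", line)
        if m:
            entries.setdefault(m.group(2), set()).add(int(m.group(1)))
    return entries

def parse_kvno(text):
    """Map each principal to the key version the KDC reports."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+@\S+): kvno = (\d+)\s*$", line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def compare(klist_text, kvno_text):
    """Per principal: 'match', 'stale' (other versions only) or 'missing'."""
    keytab = parse_klist(klist_text)
    result = {}
    for principal, kdc_kvno in parse_kvno(kvno_text).items():
        versions = keytab.get(principal, set())
        if kdc_kvno in versions:
            result[principal] = "match"
        else:
            result[principal] = "stale" if versions else "missing"
    return result

if __name__ == "__main__":
    print(compare(SAMPLE_KLIST, SAMPLE_KVNO))
```

A `match` only shows that the version numbers agree; it does not prove that the key material or encryption type in the keytab is the one the KDC holds.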