ktadd behaviour

Ken Hornstein (Contractor) kenh at cmf.nrl.navy.mil
Tue Oct 17 15:38:56 EDT 2006

>  - After the ktadd operation, the data base however contains:
>    Number of keys: 1
>    Key: vno 35, DES cbc mode with CRC-32, no salt
>    And, obviously, klog cannot work anymore. The cpw operation
>    resolves this (recreates 3 keys), but then the previously
>    added keytab is no longer valid.

You're focusing on the wrong thing here.  The number of keytypes is
really immaterial.

When you use ktadd, a new _key_ is being created.  This means that the
user's password is being changed at the same time (well, when you use
ktadd, there's no guarantee that you will end up with a key which
necessarily corresponds to a password).  When you do a ktadd, you're
doing an implicit "cpw -randkey".

What you might want to do is use ktutil to create a keytab which corresponds
to the password you want to use for that account (look at "addent" inside
of ktutil).


More information about the Kerberos mailing list