ktadd behaviour

Andrei Maslennikov andrei.maslennikov at gmail.com
Tue Oct 17 16:00:28 EDT 2006

Thanks Ken (I actually thought that only kvno was changed during ktadd).
I have just tried the addent subcommand of ktutil, and it did the job.

Regards - Andrei.

On 10/17/06, Ken Hornstein (Contractor) <kenh at cmf.nrl.navy.mil> wrote:
> >  - After the ktadd operation, the data base however contains:
> >
> >    Number of keys: 1
> >    Key: vno 35, DES cbc mode with CRC-32, no salt
> >
> >    And, obviously, klog cannot work anymore. The cpw operation
> >    resolves this (recreates 3 keys), but then the previously
> >    added keytab is no longer valid.
> You're focusing on the wrong thing here.  The number of keytypes is
> really immaterial.
> When you use ktadd, a new _key_ is being created.  This means that the
> user's password is being changed at the same time (well, when you use
> ktadd, there's no guarantee that you will end up with a key which
> necessarily corresponds to a password).  When you do a ktadd, you're
> doing an implicit "cpw -randkey".
> What you might want to do is use ktutil to create a keytab which
> corresponds
> to the password you want to use for that account (look at "addent" inside
> of ktutil).
> --Ken

More information about the Kerberos mailing list