Issue with Ktpass usage + windows 2003 KDC + non windows client

sandypossible@gmail.com sandypossible at gmail.com
Sat Sep 23 01:03:49 EDT 2006


Hi all,

I am working on implementating Kerberos for IPsec for an embedded
device. I am not able to test it with Windows 2003 server as KDC. But
with 2000 server as KDC, it is working fine. When the device is acting
as application server, the error is in accept_sec_context().

The routine accept_sec_context() says Keytable version number doesn't
match. Validation error.  But I am ble to get TGT for the application
server using keytab. Are there any changes to the ktpass tool in 2003
server when compared to ktpass tool given for 2000. I googled and found
that keyversion number in 2003 is incremeted unlike 2000 server. Is
this the cause ?  I am creating the keytab file on the KDC and  using
it on the device. I am not able to find whats the cause for this
failure. Can anybody please help me ? Hoiw to find which keyversion to
use when creating the keytab using ktpass tool on wondows 2003 ?

Also, one more observation is, when I use the ktpass tool to map
account to principal, it says failed to map the "servicePrincipalName".
This is happening for the newly created acccount also. Can you please
tell me if this is related to ktpass tool or it could be related to
configuration error ? 

Regards,
Sandy.




More information about the Kerberos mailing list