KVNO/Keytab Question

Jeffrey Altman jaltman at secure-endpoints.com
Tue Dec 2 10:44:45 EST 2008

kevin.doran at accenture.com wrote:
> Hi Douglas, thanks for you response.
> ktpass was used to create the keytab. The KDC is maintained by our
> local service unit.
> We're really scratching our heads at the moment, it seems that each
> time we create a new keytab file shortly afterwards the KVNO in the
> client ticket changes. I've no idea why they are out of sync. What
> changes etc could cause the KVNO to increment on the KDC?
> Thanks
> Kev
Everytime you generate a new keytab with ktpass the key is replaced in
the KDC.
Generate the keytab once with ktpass and then distribute it to your
service ASAP.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20081202/b4b52354/attachment.bin

More information about the Kerberos mailing list