KVNO/Keytab Question
kevin.doran@accenture.com
kevin.doran at accenture.com
Fri Nov 28 12:41:38 EST 2008
Hi, I'm hoping someone can help.
We are having issues using SPNEGO. Our problem seems to be the one
defined on:
http://www-01.ibm.com/support/docview.wss?rs=638&context=SSPREK&uid=swg21259123&loc=en_US&cs=UTF-8&lang=en
When we try to login, our browsers pass the following ticket
information:
Ticket
Tkt-vno: 5
Realm: DWPPTP.LONDONDC.COM
Server Name (Service and Instance):
HTTP/ettloadbalancer.dwpptp.londondc.com
Name-type: Service and Instance
(2)
Name: HTTP
Name:
ettloadbalancer.dwpptp.londondc.com
enc-part des-cbc-md5
Encryption type: des-cbc-md5 (3)
Kvno: 4
enc-part:
1857B643262FFCBFF4F54F7D2D7E41F7D67DC10257C15D28...
The Kvno is 4, yet when performing a klist on the keytab file:
ivmgr at dptettsw02:/var/pdweb/log$ klist -k /var/pdweb/keytab-dptettsw02/
ettloadbalancer_HTTP.keytab
Keytab name: FILE:/var/pdweb/keytab-dptettsw02/
ettloadbalancer_HTTP.keytab
KVNO Principal
----
--------------------------------------------------------------------------
3 HTTP/ettloadbalancer.dwpptp.londondc.com at DWPPTP.LONDONDC.COM
We have followed the recommendation of recreating the keytab file and
this has change the KVNO number in the keytab file. However the KVNO
passed by the browser does not matched - how does this value get set?
Any help is appreciated
Regards
Kev
More information about the Kerberos
mailing list