KVNO/Keytab Question
Richard E. Silverman
res at qoxp.net
Fri Nov 28 22:21:24 EST 2008
>>>>> "KD" == kevin doran <kevin.doran at accenture.com> writes:
KD> Hi, I'm hoping someone can help. We are having issues using
KD> SPNEGO. Our problem seems to be the one defined on:
KD> http://www-01.ibm.com/support/docview.wss?rs=638&context=SSPREK&uid=swg21259123&loc=en_US&cs=UTF-8&lang=en
KD> When we try to login, our browsers pass the following ticket
KD> information:
KD> Ticket Tkt-vno: 5 Realm:
KD> DWPPTP.LONDONDC.COM Server Name (Service and Instance):
KD> HTTP/ettloadbalancer.dwpptp.londondc.com Name-type: Service and
KD> Instance (2) Name: HTTP Name: ettloadbalancer.dwpptp.londondc.com
KD> enc-part des-cbc-md5 Encryption type: des-cbc-md5 (3) Kvno: 4
KD> enc-part: 1857B643262FFCBFF4F54F7D2D7E41F7D67DC10257C15D28...
KD> The Kvno is 4, yet when performing a klist on the keytab file:
KD> ivmgr at dptettsw02:/var/pdweb/log$ klist -k
KD> /var/pdweb/keytab-dptettsw02/ ettloadbalancer_HTTP.keytab Keytab
KD> name: FILE:/var/pdweb/keytab-dptettsw02/
KD> ettloadbalancer_HTTP.keytab KVNO Principal ----
KD> --------------------------------------------------------------------------
KD> 3 HTTP/ettloadbalancer.dwpptp.londondc.com at DWPPTP.LONDONDC.COM
KD> We have followed the recommendation of recreating the keytab file
KD> and this has change the KVNO number in the keytab file. However
KD> the KVNO passed by the browser does not matched - how does this
KD> value get set?
You need to purge the ccache on the client machine so that it obtains a
new, matching ticket from the KDC.
KD> Any help is appreciated
KD> Regards
KD> Kev
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list