KVNO/Keytab Question
kevin.doran@accenture.com
kevin.doran at accenture.com
Sat Nov 29 03:32:35 EST 2008
On 29 Nov, 03:21, "Richard E. Silverman" <r... at qoxp.net> wrote:
> >>>>> "KD" == kevin doran <kevin.do... at accenture.com> writes:
>
> KD> Hi, I'm hoping someone can help. We are having issues using
> KD> SPNEGO. Our problem seems to be the one defined on:
> KD>http://www-01.ibm.com/support/docview.wss?rs=638&context=SSPREK&uid=s...
>
> KD> When we try to login, our browsers pass the following ticket
> KD> information:
>
> KD> Ticket Tkt-vno: 5 Realm:
> KD> DWPPTP.LONDONDC.COM Server Name (Service and Instance):
> KD> HTTP/ettloadbalancer.dwpptp.londondc.com Name-type: Service and
> KD> Instance (2) Name: HTTP Name: ettloadbalancer.dwpptp.londondc.com
> KD> enc-part des-cbc-md5 Encryption type: des-cbc-md5 (3) Kvno: 4
> KD> enc-part: 1857B643262FFCBFF4F54F7D2D7E41F7D67DC10257C15D28...
>
> KD> The Kvno is 4, yet when performing a klist on the keytab file:
>
> KD> ivmgr at dptettsw02:/var/pdweb/log$ klist -k
> KD> /var/pdweb/keytab-dptettsw02/ ettloadbalancer_HTTP.keytab Keytab
> KD> name: FILE:/var/pdweb/keytab-dptettsw02/
> KD> ettloadbalancer_HTTP.keytab KVNO Principal ----
> KD> --------------------------------------------------------------------------
> KD> 3 HTTP/ettloadbalancer.dwpptp.londondc.... at DWPPTP.LONDONDC.COM
>
> KD> We have followed the recommendation of recreating the keytab file
> KD> and this has change the KVNO number in the keytab file. However
> KD> the KVNO passed by the browser does not matched - how does this
> KD> value get set?
>
> You need to purge the ccache on the client machine so that it obtains a
> new, matching ticket from the KDC.
>
> KD> Any help is appreciated
>
> KD> Regards
>
> KD> Kev
>
> --
> Richard Silverman
> r... at qoxp.net
Thanks Richard, is that done using the "C:\Program Files\Resource Kit
\KLIST.EXE" purge" command? If so, I have tried this but it still
isn't working
More information about the Kerberos
mailing list