Explicitly setting KVNO during ank...
Bob Liu
hme0 at hotmail.com
Tue Nov 8 02:06:55 EST 2011
Hello,
Is it even possible to explicitly set the "kvno" to "0" zero like the following?
ank -kvno 0 krbtgt/REALM1.COM at REALM2.COM
The reason I need to do this is because I'm trying to setup a one-way cross-realm trust (REALM1.COM trusts REALM2.COM) with AD (Windows 2008).
REALM2.COM is the AD realm and REALM1.COM is the MIT realm running krb5-1.9 on RHEL 6.1.
For some reason on Windows the kvno for the cross-realm principal (krbtgt/REALM1.COM at REALM2.COM) is default to "0" and on the MIT side the kvno starts at "1".
I know per the RedHat doc when setting up the cross-realm the KVNO numbers have to match on both side.
Any advise on this is appreciated...
Bob.
More information about the Kerberos
mailing list