kvno X not found in keytab; ticket is likely out of date

Radoslav Bodó bodik at cesnet.cz
Mon Jul 22 06:47:34 EDT 2019


> 3) anyway the best would be to pull old key from backups (either from
> kdc or server backup) and put it back to KDC under correct kvno
> 
> depending on your skills and other factors of your environment,
> restoring whole KDC db might be easier than to mess with single entry ...

btw, just putting old key to the service keytab on NFS server might do
the trick most easily...

the clients still holding the not-yet expired tickes would be able to
access the service, because service would have both old and new keys
available ... there should be no need to manage the kdc i guess


b

ps: typing faster than thinking ;(


More information about the Kerberos mailing list