Issues with keytab creation related to switch to w2k3 w/ ktutil
hartmans at MIT.EDU
Wed Apr 7 09:31:47 EDT 2004
>>>>> "Nathan" == Nathan Neulinger <nneul at umr.edu> writes:
Nathan> Switch to pointing at a W2K3 domain controller - only
Nathan> change is host used for ldap. New result - keytab
Nathan> nonfunctional, get decrypt integ check failed, or pre-auth
Nathan> failed if I try to auth with the keytab.
Windows 2003 supports a concept of kvno. You should use the kvno
executable from MIT Kerberos to determine the kvno of the service
principal before constructing the keytab.
BTW, this question is really off-topic for this list and belonged on
kerberos at mit.edu.
More information about the krbdev