Keytab entries in keytab Durbin_Ron at
Sat Nov 27 17:21:20 EST 2004


 The latest Heimdal code stores the kvno in the current place as a byte and
as a 4 byte value at the end
of each entry.  Is there any chance that this approach will be adopted by

Also with the advent of automatic password updates on CIFS the KVNO is
rolled over after 4
years. On some systems this is not an issue.  However, on HA(High
Availability) systems 4 years of uptime
is just getting warmed up.  Also since these keys are stored in files on
machines that now stay installed
for many years this is now an issue.


-----Original Message-----
From: Sam Hartman [mailto:hartmans at] 
Sent: Friday, November 26, 2004 1:41 PM
To: Durbin_Ron at
Cc: krbdev at
Subject: Re: Keytab entries in keytab

>>>>> "Durbin" == Durbin Ron <Durbin_Ron at> writes:

    Durbin> I notice that the key version number in the keytab is
    Durbin> stored as a single byte value.  However the in memory and
    Durbin> network size is 4 bytes.

Note that the code is somewhat clever in how it deals with the kvno
stored in the keytab in recent releases.  The code understands roughly
that the kvno in the file is the full kvno mod 256 and will try and
match accordingly.

    Durbin> Is there any future direction is the MIT project that
    Durbin> would correct this so the keytab file would store 4 byte

It will require a change to the keytab and thus coordination with
Heimdal.  We realize it needs doing but it is not a very high

More information about the krbdev mailing list