[Kdc-info] Preliminary draft of LDAP Kerberos schema

[Luke Howard]

>I understood that the Microsoft implementation, or at least one  
>version of it, used a timestamp to generate the kvno, not a sequence  
>of small integers.  The RFC 4120 protocol allows for 32-bit unsigned  
>kvno values.

Was this pre-W2K3? I thought the kvno was fixed in W2K and the value
of monotonically increasing msDS-KeyVersionNumber attribute in W2K3.

-- Luke

--