To verify the Keyversion number of Keytab

Jeffrey Altman jaltman at
Wed Jan 16 18:29:00 EST 2008

Vanraj wrote:
> Hi,
> The Kerberos packets can be captred by ethereal and then we can observe the
> Keyversion(kvno) of Keytab. 
> If the KDC is Windows2003 and on running the kinit if we get the error as 
> sendauth rejected, error reply is:
>     "Key version number for principal in key table is incorrect"    
> If the captured packets on ethereal are encrypted in the tcp form.Then how
> can we know the Keyversion number of the Keytab we are using?

The kvno is not encrypted.  If it were, the receiving service would not 
know which key to use to decrypt the incoming message.

Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list