To verify the Keyversion number of Keytab
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Jan 16 18:29:00 EST 2008
Vanraj wrote:
> Hi,
>
> The Kerberos packets can be captred by ethereal and then we can observe the
> Keyversion(kvno) of Keytab.
> If the KDC is Windows2003 and on running the kinit if we get the error as
> sendauth rejected, error reply is:
> "Key version number for principal in key table is incorrect"
>
> If the captured packets on ethereal are encrypted in the tcp form.Then how
> can we know the Keyversion number of the Keytab we are using?
The kvno is not encrypted. If it were, the receiving service would not
know which key to use to decrypt the incoming message.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20080116/e632a17f/attachment.bin
More information about the krbdev
mailing list