To verify the Keyversion number of Keytab

Douglas E. Engert deengert at
Thu Jan 17 10:42:05 EST 2008

Vanraj wrote:
> Hi,
> The Kerberos packets can be captred by ethereal and then we can observe the
> Keyversion(kvno) of Keytab. 
> If the KDC is Windows2003 and on running the kinit if we get the error as 
> sendauth rejected, error reply is:
>     "Key version number for principal in key table is incorrect"    
> If the captured packets on ethereal are encrypted in the tcp form.Then how
> can we know the Keyversion number of the Keytab we are using?

To find the keyversion numbers:
   In AD use ADSI Edit or ldap to look at the account and look for the attribute

   In the keytab use klist -k

> Regards,
> Vanraj.


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list