To verify the Keyversion number of Keytab
Douglas E. Engert
deengert at anl.gov
Thu Jan 17 10:42:05 EST 2008
Vanraj wrote:
> Hi,
>
> The Kerberos packets can be captred by ethereal and then we can observe the
> Keyversion(kvno) of Keytab.
> If the KDC is Windows2003 and on running the kinit if we get the error as
> sendauth rejected, error reply is:
> "Key version number for principal in key table is incorrect"
>
> If the captured packets on ethereal are encrypted in the tcp form.Then how
> can we know the Keyversion number of the Keytab we are using?
To find the keyversion numbers:
In AD use ADSI Edit or ldap to look at the account and look for the attribute
msDS-KeyVersionNumber
In the keytab use klist -k
>
>
> Regards,
> Vanraj.
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krbdev
mailing list