kvno overflow
Greg Hudson
ghudson at MIT.EDU
Mon Jan 31 16:07:56 EST 2011
On Mon, 2011-01-31 at 15:11 -0500, Jonathan Reams wrote:
> It looks like there's a difference between how kvnos are handled in keytabs vs the principals database/kadmin. In order to monitor our iprop setup, we have a principal who's key gets added to a keytab once an hour, and when the kvno hit 257, it reset to 0 in the keytab, but not in kadmin.
This is a limitation in the keytab format, and can't be easily fixed
without invalidating everyone's keytabs. There are provisions in the
code for most operations to continue working in the presence of kvnos
exceeding 255. Are you seeing a behavior problem other than the display
issue?
More information about the krbdev
mailing list