kvno overflow
Jonathan Reams
jr3074 at columbia.edu
Mon Jan 31 16:13:29 EST 2011
Yes, I get
kadmin: Incorrect password while initializing kadmin interface
when authenticating against kadmin using the keytab after the overflow occurs.
On Jan 31, 2011, at 4:07 PM, Greg Hudson wrote:
> On Mon, 2011-01-31 at 15:11 -0500, Jonathan Reams wrote:
>> It looks like there's a difference between how kvnos are handled in keytabs vs the principals database/kadmin. In order to monitor our iprop setup, we have a principal who's key gets added to a keytab once an hour, and when the kvno hit 257, it reset to 0 in the keytab, but not in kadmin.
>
> This is a limitation in the keytab format, and can't be easily fixed
> without invalidating everyone's keytabs. There are provisions in the
> code for most operations to continue working in the presence of kvnos
> exceeding 255. Are you seeing a behavior problem other than the display
> issue?
>
>
>
More information about the krbdev
mailing list