Explicitly setting KVNO during ank...

Bob Liu hme0 at hotmail.com
Tue Nov 8 01:14:26 EST 2011


Is it even possible to explicitly set the "kvno" to "0" zero like the following?

ank -kvno 0 krbtgt/REALM1.COM@REALM2.COM

The reason I need to do this is because I'm trying to set up a one-way cross-realm trust (REALM1.COM trusts REALM2.COM) with AD (Windows 2008). REALM2.COM is the AD realm and REALM1.COM is the MIT realm running krb5-1.9 on RHEL 6.1. For some reason, on Windows the kvno for the cross-realm principal (krbtgt/REALM1.COM@REALM2.COM) defaults to "0", and on the MIT side the kvno starts at "1". I do not have admin access to the AD servers, and our Windows admin does not know how to increment the kvno on the Windows side. I know per the Red Hat doc that when setting up the cross-realm trust the KVNO numbers have to match on both sides.

Any advice on this is appreciated...


