[OpenAFS] Active Directory 2003, kerberos 5, openAFS - rxkad
Wed, 10 Jan 2007 15:45:34 -0500
John W. Sopko Jr. wrote:
> Jeffrey Altman wrote:
>> The -kvno option of ktpass is only to be used if you are generating
>> a keytab entry to be used in conjunction with a Windows 2000 server.
>> Do not use it if you are using a Windows 2003 server.
> Then how do you get the kvno in the account and the keytab to match?
If you goal is to try to change the password, then the key version
number you specify is not going to match the one in the active directory
The default behavior of ktpass is to query the DC to obtain the kvno.
It will use the correct version.
The password field is optional. You don't have to specify it.