[OpenAFS] Active Directory 2003, kerberos 5, openAFS - rxkad error=19270407, arghhhh

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 10 Jan 2007 15:45:34 -0500

John W. Sopko Jr. wrote:
> Jeffrey Altman wrote:
>> The -kvno option of ktpass is only to be used if you are generating
>> a keytab entry to be used in conjunction with a Windows 2000 server.
>> Do not use it if you are using a Windows 2003 server.
> Then how do you get the kvno in the account and the keytab to match?

If you goal is to try to change the password, then the key version
number you specify is not going to match the one in the active directory

The default behavior of ktpass is to query the DC to obtain the kvno.
It will use the correct version.

The password field is optional.  You don't have to specify it.