[OpenAFS] Switching from MIT to win 2003 krb5 server - win question-obtain tokens
Christopher D. Clausen
cclausen@acm.org
Fri, 8 Jun 2007 09:07:05 -0500
Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> Lars Schimmer wrote:
>> A google told me wronkg kvno :-(
>> Although I ktpass with kvno 4 and imported it as kvno 4...
>> Lets try it again.
>
> ktpass does not set the kvno in AD. It only sets the kvno in the
> keytab. You have to use the kvno in the keytab that is used by AD.
I think you need to use current kvno + 1 b/c the kvno gets incremented
when ktpass.exe is run to create the keytab.
<<CDC