[OpenAFS] krb5 trust, rxkad error=19270408... I'm missing something

Stephen Joyce stephen@physics.unc.edu
Thu, 4 Mar 2010 22:56:53 -0500 (EST)


On Thu, 4 Mar 2010, Jeffrey Altman wrote:

> [C:\]translate_et 19270408
> 19270408 = ticket contained unknown key version number
>
> What does kvno report when using the regular user?
> Is it still three?  My guess is not.

After a kinit on a client (to a regular user account in AD), the kvno of 
afs/cellname@ADDOMAIN is still 3.

> You should not using the -kvno option when creating a keytab with
> ktpass.  Doing places a kvno into the keytab but does not set the
> kvno within AD.  Leaving off the -kvno option writes the actual
> kvno to the keytab.

Maybe this is the problem. I'll give that a try tomorrow.

> Jeffrey Altman
>