I believe I see my misunderstanding. This also explains why gss-server/gss-client doesn't work on my client machine after adding svc/host.abc.com to its keytab file. I was specifying the same password as when I created the account.
I ftp'd the servers' keytab to my client and it worked fine. This does bring a practical question to mind. Would I normally create a keytab file with just the entry for a particular service and transfer it to the service host? Does the admin keytab on the kdc need them for any reason? Thanks in advance "Steve Langasek" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > On Tue, Sep 10, 2002 at 11:54:25AM -0500, Rick wrote: > > I'm new to kerberos and don't know why I'm having this problem. > > > # ktadmin.local > > #addprinc -kvno 3 -pw user1 user1 > > #addprinc -kvno 3 -pw user2 user2 > > #addprinc -kvno 3 -pw service svc/host.abc.com > > #ktadd -k /usr/..... keytab svc/host.abc.com > > > All this works fine. When I go to a client, this is what I get. > > > c:\kinit user1 > > this works fine > > > c:\kinit user2 > > this works fine > > > c:\kinit svc/host.abc.com > > password incorrect while getting initial credentials. > > > ... and yes I typed it right. > > > #getprinc svc/host.abc.com > > > now shows the key version number to be 4. Why does ktadd change the key > > version number. Is there a document somewhere which describes key versions. > > The installation and system admin guides don't really say anything about it. > > Because "ktadd" means "generate a new random key for this principal, and > store this shared key in the specified keytab". If you run 'ktadd', the > password changes -- you cannot use a principal in this manner and still > use a password to request tickets for that principal. > > Steve Langasek > postmodern programmer > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
