I was hoping someone knew how the Windows admin could find the kvno in AD. The MS 2000 ktpass -kvno says you can add it, but it is not clear if this updates the AD or is only used to create a keytab file. Our Windows admins say the 2003 ktpass is not out yet.
The MIT kvno shows the keys, but that is from the client side.

Jeffrey Hutzelman wrote:
>
> On Wednesday, January 14, 2004 16:22:09 -0600 "Douglas E. Engert"
> <[EMAIL PROTECTED]> wrote:
>
> > We recently upgraded one of our Windows AD servers to 2003. We have a
> > number of service principals registered in AD which are for services run
> > on UNIX. Some users were having problems using these services.
> >
> > It appears that 2003 AD now supports key version numbers in tickets. The
> > upgraded server is issuing tickets with kvnos other than zero, while the
> > others are always using zero.
> >
> > It is not clear where it got the kvno to use, as the entries were all
> > added prior to the upgrade, and I don't recall entering in these kvnos in
> > the ktpass command when we defined these principals.
> >
> > We have not found the AD command to look at what kvno is in the AD.
> > Anyone know the command?
>
> No, but you should be able to use 'kvno' or 'kgetcred' followed by 'klist
> -v' to get a service ticket and display the kvno used in that ticket.

I don't see in the MIT klist code a -v. Is that Heimdal?

> -- Jeff
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos

--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
