Hello again,
I found out (Matt suggested this a long time ago, now I gave it attention) that issuing a:
kinit -k -t <local_keytab> <principal>
seems to get a fresh ticket from the KDC and is suitable to be run from crontab, as it doesn't ask the user for a password.
Does this solve the first issue below, or do I still need to signal it somehow to the SAP server that the ticket got renewed?
Calin.
Barbat, Calin wrote:
Hi to the experts,
I have a somewhat special setup here, some of you are in the know of it:
I have three hosts running SAP servers under Linux, Win2k Server and SunOS respectively and am trying to make single sign-on working using MIT Kerberos.
All three are connected to an Win2k DC.
There are two issues left to do: ensure that the servers are up and running as long as possible - somehow it must be possible to renew the ticket indefinitely, does anyone know how to do this?
The second one is that the SAP server writes the following GSSAPI message in it's log: "Key version number for principal in key table is incorrect". What could it be? The output of ktpass states that vno is 1 and ktutil on the Linux box says KVNO is 1 too.
By the way: all three SAP servers use the same service principal in the AD, could this be an issue?
Thanks in advance,
Calin Barbat.
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
