> - After the ktadd operation, the data base however contains: > > Number of keys: 1 > Key: vno 35, DES cbc mode with CRC-32, no salt > > And, obviously, klog cannot work anymore. The cpw operation > resolves this (recreates 3 keys), but then the previously > added keytab is no longer valid.
You're focusing on the wrong thing here. The number of keytypes is really immaterial. When you use ktadd, a new _key_ is being created. This means that the user's password is being changed at the same time (well, when you use ktadd, there's no guarantee that you will end up with a key which necessarily corresponds to a password). When you do a ktadd, you're doing an implicit "cpw -randkey". What you might want to do is use ktutil to create a keytab which corresponds to the password you want to use for that account (look at "addent" inside of ktutil). --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
