On Wednesday, January 14, 2004 16:22:09 -0600 "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:
We recently upgraded one of our Windows AD servers to 2003. We have a number of service principals registered in AD which are for services run on UNIX. Some users where having problems using these services.
It appears that 2003 AD now supports key version numbers in tickets. The upgraded server is issuing tickets with kvnos other then zero, while the others are always using zero.
It is not clear where it got the kvno to use, as the entries where all added prior to the upgrade, and I don't recall entring in these kvnos in the ktpass command when we defined these principals.
We have not found the AD command to look at what kvno is in the AD. Anyone know the command?
No, but you should be able to use 'kvno' or 'kgetcred' followed by 'klist -v' to get a service ticket and display the kvno used in that ticket.
-- Jeff ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos