Douglas E. Engert wrote: > kvno is requesting a service ticket. But user accounts in AD don't > normally have a servicePrincipalName attribute. > > kvno should work for actual service principals like: > > kvno host/livad.liv.ac.uk > > Why do you need to use kvno with a user account? > > If you need to know the kvno for the user, you can use ldap or ADSI Edit > and search for the user and read the msDS-KeyVersionNumber attribute. > > You might be able to add a servicePrincipalName to the user account if > you really need to get a service ticket for the user.
Ah that does explain it all thankyou. I was just testing to make sure everything was working before bothering our AD team to set up a service principal for a test service. I didn't know if I had got the initial setup right or not. -- John Gilbertson ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
