I'm using the pre-packaged MIT Kerberos 1.6.1 on CentOS 5.5 to set up a test environment, where I am lazy, and simply set the various passwords to match the usernames (I have no need for "real" security here -- this is just a dataless test environment).
I do this, so that I can debug problems by acquiring tickets/tokens as any of the test env users trivially. However, in the server software I'm developing, I obviously don't make such an assumption. That software uses keytab files for each user to acquire tickets and/or tokens.

When setting up the environment, I create the principals using:

    add_principal -pw $principal $princi...@$realm

Then I extract the keytab file for use in the test suite using:

    ktadd -k /path/to/$principal.keytab $principal

I've discovered that as soon as I run ktadd, then I can no longer manually authenticate as that principal anymore.

    kinit(v5): Password incorrect while getting initial credentials

I create 8 different users, and extract keytab files for only 3 of them. They are all created with the same add_principal command, and I can only manually authenticate as the 5 that have NOT had a keytab extracted.

Now, I'm assuming that the act of extracting the keytab has a side effect, but it's not clear how to work around it. If I reset the password using kadmin, that increments the kvno, which will mean I have to re-extract the keytab files, which will make the password invalid, which means....

There's something simple and subtle here I'm missing. I don't see a means of setting the password and extracting the keytab file in a single kadmin operation, for example.

What am I doing wrong?