I have a Linux (Ubuntu) box joined to a Windows domain (I believe the domain controllers are server 2003) so I can use Kerberos authentication. Initially everything is working fine - I can ssh into the box using gssapiauthentication.
After some number of days, this stops working however. I would find that I could re-generate the keytab and the problem would go away for a while and eventually come back. The most recent time I noticed that it stopped working on a Monday morning - implying perhaps that something changed over a weekend. I build the Kerberos libraries with optimization turned off so I could step through, and what became clear was that the KVNO for the machine account had changed - in AD the number was now 30, but the keytab had a KVNO of 24. So it wasn't just one bump - there were several (the keys were generated on 09/25/10). At this point, I don't know *why* the kvno is changing. Right now I have a script running that polls the KVNO every 5 minutes so I can see exactly when the thing changes - once I have a time, I can start looking at logs (both on the Linux box and perhaps even on the domain controller). For that matter, I could probably shut down the Linux box for a few weeks to see whether the KVNO bumps happen without the machine being up or not. Does anyone have anything else to suggest for what I should be looking for? -Eric ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos