[30484] in Kerberos
KVNO/Keytab Question
daemon@ATHENA.MIT.EDU (kevin.doran@accenture.com)
Mon Dec 1 14:18:05 2008
From: kevin.doran@accenture.com
Date: Fri, 28 Nov 2008 09:41:38 -0800 (PST)
Message-ID: <5eea5ac7-a68f-4e3c-a9ac-f372b197de4b@u14g2000yqg.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Cc: aaron.m.allport@accenture.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi, I'm hoping someone can help.
We are having issues using SPNEGO. Our problem seems to be the one
defined on:
http://www-01.ibm.com/support/docview.wss?rs=638&context=SSPREK&uid=swg21259123&loc=en_US&cs=UTF-8&lang=en
When we try to login, our browsers pass the following ticket
information:
Ticket
Tkt-vno: 5
Realm: DWPPTP.LONDONDC.COM
Server Name (Service and Instance):
HTTP/ettloadbalancer.dwpptp.londondc.com
Name-type: Service and Instance
(2)
Name: HTTP
Name:
ettloadbalancer.dwpptp.londondc.com
enc-part des-cbc-md5
Encryption type: des-cbc-md5 (3)
Kvno: 4
enc-part:
1857B643262FFCBFF4F54F7D2D7E41F7D67DC10257C15D28...
The Kvno is 4, yet when performing a klist on the keytab file:
ivmgr@dptettsw02:/var/pdweb/log$ klist -k /var/pdweb/keytab-dptettsw02/
ettloadbalancer_HTTP.keytab
Keytab name: FILE:/var/pdweb/keytab-dptettsw02/
ettloadbalancer_HTTP.keytab
KVNO Principal
----
--------------------------------------------------------------------------
3 HTTP/ettloadbalancer.dwpptp.londondc.com@DWPPTP.LONDONDC.COM
We have followed the recommendation of recreating the keytab file and
this has change the KVNO number in the keytab file. However the KVNO
passed by the browser does not matched - how does this value get set?
Any help is appreciated
Regards
Kev
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
