[38569] in Kerberos
Re: kvno X not found in keytab; ticket is likely out of date
daemon@ATHENA.MIT.EDU (=?UTF-8?Q?Radoslav_Bod=c3=b3?=)
Mon Jul 22 10:42:30 2019
From: =?UTF-8?Q?Radoslav_Bod=c3=b3?= <bodik@cesnet.cz>
To: <kerberos@mit.edu>
Message-ID: <eaeb0b0a-c3ad-74b2-944d-124275cf62fc@cesnet.cz>
Date: Mon, 22 Jul 2019 12:47:34 +0200
MIME-Version: 1.0
In-Reply-To: <0ebcc6c9-b645-f9f1-d35b-f7147aa23e8b@cesnet.cz>
Content-Language: cs
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> 3) anyway the best would be to pull old key from backups (either from
> kdc or server backup) and put it back to KDC under correct kvno
>
> depending on your skills and other factors of your environment,
> restoring whole KDC db might be easier than to mess with single entry ...
btw, just putting old key to the service keytab on NFS server might do
the trick most easily...
the clients still holding the not-yet expired tickes would be able to
access the service, because service would have both old and new keys
available ... there should be no need to manage the kdc i guess
b
ps: typing faster than thinking ;(
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
