[16613] in Kerberos_V5_Development
Re: kvno overflow
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jan 31 16:08:01 2011
From: Greg Hudson <ghudson@mit.edu>
To: Jonathan Reams <jr3074@columbia.edu>
In-Reply-To: <EF74BC0F-CB42-4A78-96F6-2A01D3797CD9@columbia.edu>
Date: Mon, 31 Jan 2011 16:07:56 -0500
Message-ID: <1296508076.2456.603.camel@ray>
Mime-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, 2011-01-31 at 15:11 -0500, Jonathan Reams wrote:
> It looks like there's a difference between how kvnos are handled in keytabs vs the principals database/kadmin. In order to monitor our iprop setup, we have a principal who's key gets added to a keytab once an hour, and when the kvno hit 257, it reset to 0 in the keytab, but not in kadmin.
This is a limitation in the keytab format, and can't be easily fixed
without invalidating everyone's keytabs. There are provisions in the
code for most operations to continue working in the presence of kvnos
exceeding 255. Are you seeing a behavior problem other than the display
issue?
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
