[17395] in Kerberos_V5_Development
Explicitly setting KVNO during ank...
daemon@ATHENA.MIT.EDU (Bob Liu)
Tue Nov 8 01:14:30 2011
Message-ID: <BLU162-W22A5682F63CDD7CFEA34719FDE0@phx.gbl>
From: Bob Liu <hme0@hotmail.com>
To: <krbdev@mit.edu>
Date: Tue, 8 Nov 2011 06:14:26 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Hello,
Is it even possible to explicitly set the "kvno" to "0" zero like the following?
ank -kvno 0 krbtgt/REALM1.COM@REALM2.COM
The reason I need to do this is because I'm trying to setup a one-way cross-realm trust (REALM1.COM trusts REALM2.COM) with AD (Windows 2008). REALM2.COM is the AD realm and REALM1.COM is the MIT realm running krb5-1.9 on RHEL 6.1. For some reason on Windows the kvno for the cross-realm principal (krbtgt/REALM1.COM@REALM2.COM) is default to "0" and on the MIT side the kvno starts at "1". Since I do not have admin access to the AD servers and our windows admin does not know how to increment the kvno on the Windows side. I know per the RedHat doc when setting up the cross-realm the KVNO numbers have to match on both side.
Any advise on this is appreciated...
Bob.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
