[17396] in Kerberos_V5_Development
Re: Explicitly setting KVNO during ank...
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Nov 8 11:18:24 2011
Message-ID: <4EB9564C.10909@mit.edu>
Date: Tue, 08 Nov 2011 11:18:20 -0500
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Bob Liu <hme0@hotmail.com>
In-Reply-To: <BLU162-W22A5682F63CDD7CFEA34719FDE0@phx.gbl>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 11/08/2011 01:14 AM, Bob Liu wrote:
> Is it even possible to explicitly set the "kvno" to "0" zero like the following?
MIT krb5 historically uses 0 as a distinguished kvno value (typically
meaning "not set" or "unknown"), so when you try to set the initial kvno
to 0, it winds up being the default of 1.
People set up cross-realm trust between MIT and AD realms all the time;
I think they just ignore the kvno mismatch and it works anyway.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
