[cifs-protocol] KVNO of trusts

Andrew Bartlett abartlet at samba.org
Wed Sep 3 04:12:53 GMT 2008

How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC?

For normal users, we have msDS-KeyVersionNumber, but as per our previous
discussions, trusts do not need cn=user type objects for
interoperability (I point I dispute, but regardless).  So, what is the
source of the key version number for these principals?  

(Is it the 'for NETLOGON use' version number in the trustAuthIncoming
and trustAuthOutgoing attributes, for example?)


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080903/557b9e2f/attachment.bin

More information about the cifs-protocol mailing list