Patch: System keytab usage improvements
Dan Perry
dperry at pppl.gov
Wed Jun 2 01:46:06 GMT 2004
>
> My only comment would be that I have always seen the key version
> number start at 1 instead of 0 for MIT Kerberos v5 (since 1990).
> Guenther had originally set the value to 1 in the first version of the
> patch. I have not tested with Windows2000 - can anyone confirm the
> default key version used by Windows 2000? (I am testing with Windows 2003
> which of course supports key version numbers).
>
http://mailman.mit.edu/pipermail/kerberos/2004-January/004321.html
Judging by this comment to the MIT Kerberos list, I would say that Windows
2000 uses a constant kvno of 0. I agree that a kvno of 0 seems odd, but it's
not impossible. I recall a kvno of 255, or -1, indicated an error,
everything else was fair game, despite the fact that every Kerberos
implementation I remember started with a kvno of 1, not 0.
If someone else wants to try this with a 2000 domain or knows for sure,
please do so. Changing the kvno for a 2000 domain is a quick one line
change.
-Dan
More information about the samba-technical
mailing list