Patch: System keytab usage improvements

Dan Perry dperry at
Wed Jun 2 01:46:06 GMT 2004

> My only comment would be that I have always seen the key version
> number start at 1 instead of 0 for MIT Kerberos v5 (since 1990).
> Guenther had originally set the value to 1 in the first version of the
> patch. I have not tested with Windows2000 - can anyone confirm the
> default key version used by Windows 2000?  (I am testing with Windows 2003
> which of course supports key version numbers).

Judging by this comment to the MIT Kerberos list, I would say that Windows
2000 uses a constant kvno of 0.  I agree that a kvno of 0 seems odd, but it's
not impossible.   I recall a kvno of 255, or -1, indicated an error,
everything else was fair game, despite the fact that every Kerberos
implementation I remember started with a kvno of 1, not 0.

If someone else wants to try this with a 2000 domain or knows for sure,
please do so.   Changing the kvno for a 2000 domain is a quick one line


More information about the samba-technical mailing list