SPN key kvno increasing once a week
David Mansfield
samba at dm.cobite.com
Mon May 20 11:57:01 MDT 2013
Hi All:
I have a number of samba3 and samba4 based winbind clients (centos 6 and
Fedora 18 respectively, BTW) connecting to a compiled-by-hand samba4 DC
running on centos6. The exported keytab for an SPN we use for apache is
becoming invalid every week due to a bump in the kvno for the SPN
"HTTP/myhost.domain.com". This also affects the
"host/myhost.domain.com" SPN key and probably all of the SPN keys for
that host. I can see from google that this is not a "new" problem, but
nowhere is there a note of the resolution.
The winbind operation is unaffected (and is probably causing this
problem) - it's internal keytab must be getting refreshed (or it's not
using a keytab or something).
I have not modified/set "kerberos method" in smb.conf from the defaults,
but I do have "winbind refresh tickets = true" on.
Can anyone tell me:
1) why is kvno getting bumped every week, who is responsible (client or
server), can it be configured and/or disabled?
2) if I can't fix #1, can I force winbind to create multiple keytabs all
over my filesystem and be sure to chown and set selinux context for me?
--
Thanks,
David Mansfield
Cobite, INC.
More information about the samba-technical
mailing list