[Samba] [Samba 4.0] Floating KVNO
Andrew Bartlett
abartlet at samba.org
Thu Feb 14 18:26:39 MST 2013
On Thu, 2013-02-14 at 14:05 +0100, Kaito Kumashiro wrote:
> Hello
>
> I'm using Samba 4.0.1 also to authenticate users via Kerberos. Once in a
> while however I have to regenerate a keytab, because for reasons unknown to
> me, the KVNO is increased by one. I'm not doing anything with an account
> the SPN is bound to. The KVNO seems to change automagically after few days
> and service cannot talk to the KDC unless I create a new keytab.
>
> What can cause the KVNO (and probably the keys) to change automagically? Is
> there a way to disable this?
In AD, the KVNO is based on the replication metatdata, specifically the
version number for the unicodePwd attribute. It should only change if
that attribute is changed.
What is the client in this case?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list