I can specify a key version when adding a principal, but when adding a
keytab entry the created key's version does not match the created
principals sometimes. It appears that if I delete all keys and host
principals and use --randkey when ank'ing them and enter them in the
same order it will use the same key version number. But, if I add the
principals all with a specified key version , the keytabs created will
not have the same version number specified in the policies.

This appears to be the majority of my kprop issues.


Also, the doc at
http://web.mit.edu/kerberos/www/krb5....4.1/doc/krb5-
install/Extract-Host-Keytabs-for-the-KDCs.html#Extract%20Host%20Keytabs%
20for%20the%20KDCs

states that each KDC needs a keytab, but it leaves it very vague whether
that keytab includes just the local kdc or all the kdc's. Can someone
clarify this.

Regards,
Ted

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos