I can specify a key version when adding a principal, but when adding a
keytab entry the created key's version does not match the created
principals sometimes. It appears that if I delete all keys and host
principals and use --randkey when ank'ing them and enter them in the
same order it will use the same key version number. But, if I add the
principals all with a specified key version , the keytabs created will
not have the same version number specified in the policies.

This appears to be the majority of my kprop issues.

Also, the doc at

states that each KDC needs a keytab, but it leaves it very vague whether
that keytab includes just the local kdc or all the kdc's. Can someone
clarify this.


Kerberos mailing list Kerberos@mit.edu