Why kerberos keytab will not stay in sync with Active Directory kvno version

Issue

The local /etc/krb5.keytab will become outdated every 7 to 14 days. The Active Directory KDC controller will report a newer kvno number. This version number will be larger than the local system keytab kvno version. When the kvno version mismatches, the local principal is no longer valid and all attempts to use this for authentication will fail.

Environment

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
kerberos
samba

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

Why kerberos keytab will not stay in sync with Active Directory kvno version

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links