Hello,
I have the following use-case:
I have a service principal, HTTP/localhost, and its keys have kvno 1. I
export the keys in a keytab file that I deploy on the http server.
At time moment t_0, I change the password of my service principal. The
newly generated keys have kvno 2. I use -keep
On 12/22/2016 09:15 AM, Sorin Manolache wrote:
[...]
> Therefore, at moment t_2, when the user makes a request to the http
> server, his ticket that uses the kvno 2 keys cannot be validated by the
> service that uses the keytab with the kvno 1 keys.
Yes, this is a known weakness of the current k