Actual result:

KEYTAB creation command provided by installer does not reset KVNO.

Expected result:

KEYTAB creation command provided by installer supposed to reset KVNO.

Background:

In most cases, our customers use the same service user for upgrades, which causes version number mismatch between LDAP attribute and the value in KEYTAB file.

There is a parameter -kvno 0 in ktpass command which supposes to reset the version number.

Currently, the command provided by the installer does not contain this parameter.

Steps to reproduce:

1. Run RPA server installation.
2. Use service user which previously has a KEYTAB file.
3. Generate a new KEYTAB file using the command provided by the installer.
4. Complete installation.
5. Try to connect the client from a different computer.
6. See SSO fails.
7. Optionally, validate the KEYTAB file with kinit command.