Actual result:
KEYTAB creation command provided by installer does not reset KVNO.
Expected result:
KEYTAB creation command provided by installer supposed to reset KVNO.
Background:
In most cases, our customers use the same service user for upgrades, which causes version number mismatch between LDAP attribute and the value in KEYTAB file.
There is a parameter -kvno 0 in ktpass command which supposes to reset the version number.
Currently, the command provided by the installer does not contain this parameter.
Steps to reproduce:
- Run RPA server installation.
- Use service user which previously has a KEYTAB file.
- Generate a new KEYTAB file using the command provided by the installer.
- Complete installation.
- Try to connect the client from a different computer.
- See SSO fails.
- Optionally, validate the KEYTAB file with kinit command.
