none
Keytab files and KRBTGT reset

    Question

  • If the KRBTGT account is reset twice (2 day interval between resets) can someone say whether existing keytab files will continue to work?

    Thanks

    Friday, March 17, 2017 7:45 PM

Answers

  • Yes, existing keytab files will continue to work even if you change the KRBTGT account password.  The reset does not effect keytab files, since they are two completely different Kerberos principals in the KDC.  I had some extra time moments ago, so I just tested and verified this exact scenario.

    Best Regards, Todd Heron | Active Directory Consultant

    • Proposed as answer by Richard MuellerMVP Friday, March 17, 2017 9:19 PM
    • Marked as answer by Joe Dunn Saturday, March 18, 2017 7:05 PM
    Friday, March 17, 2017 9:14 PM

All replies

  • Yes, existing keytab files will continue to work even if you change the KRBTGT account password.  The reset does not effect keytab files, since they are two completely different Kerberos principals in the KDC.  I had some extra time moments ago, so I just tested and verified this exact scenario.

    Best Regards, Todd Heron | Active Directory Consultant

    • Proposed as answer by Richard MuellerMVP Friday, March 17, 2017 9:19 PM
    • Marked as answer by Joe Dunn Saturday, March 18, 2017 7:05 PM
    Friday, March 17, 2017 9:14 PM
  • Great.  Thanks a lot for your reply and testing Todd.

    Joe

    Saturday, March 18, 2017 7:05 PM