The Samba-Bugzilla – Bug 14125
As kerberos service/acceptor we may not accept expired tickets with our previous machine password
Last modified: 2019-09-13 13:19:29 UTC
As we don't know under what kvno a KDC stores our machine passwords
we just use fantasy numbers when filling the in memory keytab
with our (up to 4) machine passwords.
If the kvno matches by accident the number we made up, the heimdal
kerberos library may not fallback and check all other keys/passwords.