As we don't know under what kvno a KDC stores our machine passwords we just use fantasy numbers when filling the in memory keytab with our (up to 4) machine passwords. If the kvno matches by accident the number we made up, the heimdal kerberos library may not fallback and check all other keys/passwords.