Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Subject: kadmin.local's ktadd -norandkey does not handle multiple kvnos in
 the KDB
X-RT-Original-Encoding: iso-8859-1
Content-Length: 586

The sequence:
addprinc -randkey -e des-cbc-md5:normal test
cpw -randkey -keepold -e aes256-cts-hmac-sha1-96:normal test
ktad -norandkey test

will produce a keytab containing both the DES key and the AES key, but both keys are marked as 
kvno 2 (whereas the DES key should be kvno 1).

src/kadmin/cli/keytab.c's add_principal() (in the norandkey case) goes and gets the principal 
keys, and then separately gets the principal from the DB, and then uses the kvno from the 
get_principal output for all keys.

Reported by Peter Grandi (pg@afs.list.sabi.co.UK) on openafs-info@openafs.org.