s4-auth/kerberos: Note the good possability that the msDS-KeyVersionNumber is wrong

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index add75bc8df97d295e1e20601564b17821a3a745a..899a677bc619aefe58d17b06a3a6c76e229ec8c6 100644 (file)
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -316,6 +316,10 @@ NTSTATUS smb_krb5_fill_keytab_gmsa_keys(TALLOC_CTX *mem_ctx,
 
        cli_credentials_set_username(cred, username, CRED_SPECIFIED);
 
+       /*
+        * Note that this value may not be correct, it is updated
+        * after the query that gives us the passwords
+        */
        kvno = ldb_msg_find_attr_as_uint(msg, "msDS-KeyVersionNumber", 0);
 
        cli_credentials_set_kvno(cred, kvno);