the Kerberos implementation in java version 6u20 (and below) ignores the key version number (KVNO) in keytab
however in java version 6u21 the Kerberos implementation throws KRB_AP_ERR_BADKEYVER ("Specified version of key is not available")
if the KVNOs do not match
this is quite problematic, as the ktab tool is not able to manipulate the KVNOs in the keytab files!
am I right?
if I'm right, the even bigger problem is
that this change is NOT DOCUMENTED by Oracle/Sun !!!
if someone upgrades an application with Kerberos to java version 6u21
his/her application suddenly breaks!