SSS key numbers should not increment based on the pre-existence of different named keys in the SSS keytab file
Each SSS key has a number which (please correct me if I am wrong) represents the version number of the key. This said, adding three differently named keys to a keytab file should result in all of them being version 1. This however is not the case. The version number of a newly added uniquely named key is dependent on the version numbers of the keys already existing in the SSS keytab file.
[itdssbuild01] sss > echo y | xrdsssadmin -k key1 -u key1_user -g key1_group add allkeys.sss.keytab; xrdsssadmin -k key2 -u key2_user -g key2_group add allkeys.sss.keytab; xrdsssadmin -k key3 -u key3_user -g key3_group add allkeys.sss.keytab
xrdsssadmin: Keyfile 'allkeys.sss.keytab' does not exist. Create it? (y | n): xrdsssadmin: 1 key out of 1 kept (0 expired).
xrdsssadmin: 2 keys out of 2 kept (0 expired).
xrdsssadmin: 3 keys out of 3 kept (0 expired).
[itdssbuild01] sss > xrdsssadmin list allkeys.sss.keytab
Number Len Date/Time Created Expires  Keyname User & Group
------ --- --------- ------- -------- -------
     1  32 09/25/17 18:56:45 -------- key1 key1_user key1_group
     2  32 09/25/17 18:56:45 -------- key2 key2_user key2_group
     3  32 09/25/17 18:56:45 -------- key3 key3_user key3_group
[itdssbuild01] sss >
The version number of an SSS key should reflect its version and not the pre-existing contents of the keytab file it was added to.