[OpenAFS] More OpenAFS + Heimdal questions...
Eric Knudstrup
eric@knudstrup.org
Fri, 11 May 2001 21:50:30 -0700 (PDT)
Quoting Derrick J Brashear <shadow@dementia.org>:
> On Fri, 11 May 2001, Eric Knudstrup wrote:
>
> > [root@taipienyi heimdal]# sbin/kadmin -l
> > kadmin> get -l eknuds
> > Principal: eknuds@KNUDSTRUP.ORG
> > Principal expires: never
> > Password expires: never
> > Last password change: never
> > Max ticket life: 1 day
> > Max renewable life: 1 week
> > Kvno: 1
> > Mkvno: 0
> > Policy: none
> > Last successful login: never
> > Last failed login: never
> > Failed login count: 0
> > Last modified: 2001-05-11 07:28:03 UTC
> > Modifier: kadmin/admin@KNUDSTRUP.ORG
> > Attributes:
> > Keytypes(salttype[(salt-value)]): des-cbc-md5(pw-salt()),
> > des-cbc-md4(pw-salt()), des-cbc-crc(pw-salt()),
> des3-cbc-sha1(pw-salt),
> > des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), des-cbc-crc(pw-salt),
> > des-cbc-md5(afs3-salt()), des-cbc-md4(afs3-salt()),
> des-cbc-crc(afs3-salt())
>
> you have the afs3 salted keys, which is what matters; did you specify
> the
> cellname in lowercase? consider also just using v4-style des keys and
> not
> putting afs3 keys in your database at all, klog can deal with them.
Yes, the cell name is in lowercase:
[kdc]
profile = /usr/local/var/krb5kdc/kdc.conf
enable-kaserver = true
afs-cell = knudstrup.org
enable-524 = true
v4-realm = KNUDSTRUP.ORG
Does the v4-realm matter for AFS compat?
Thanks,
Eric