[OpenAFS] Re: SuSe 9.0 &Heimdal.6
ted creedon
tcreedon@easystreet.com
Fri, 26 Dec 2003 12:41:56 -0800
I'm still getting "not authorized" errors and I have the following data:
packet #3 is type kvno: 213 indicating that use_2b is being used (set in
krb5.conf) as is 524 conversion.
My understanding is that use_2b always sends a packet kvno 213 back. This
seems to conflict with the key version numbers shown below.
Is there a problem with the admin kdc account having des3-cbc-sha1 keys or
afs not having a kvno of 213?
Does anyone have any suggestions?
tedc
shemya: # kinit admin
admin@TED-DORIS.FAM's Password:
shemya: # bos listkeys shemya
bos: you are not authorized for this operation error encountered while
listing keys
shemya: # tokens
Tokens held by the Cache Manager:
Tokens for afs@tedcell [Expires Dec 26 22:04]
--End of list--
shemya: # bos listkeys shemya -noauth
bos: you are not authorized for this operation error encountered while
listing keys
<<<< ethereal listing>>>>>>>>
No. Time Source Destination Protocol Info
1 0.000000 10.1.1.116 10.1.1.116 AFS (RX) Encrypted BOS Request
2 0.000143 10.1.1.116 10.1.1.116 RX CHALLENGE Seq: 0 Call: 0 Source Port: afs3-bos Destination Port: 32772
3 0.000325 10.1.1.116 10.1.1.116 RX RESPONSE Seq: 0 Call: 0 Source Port: 32772 Destination Port: afs3-bos
4 0.000560 10.1.1.116 10.1.1.116 RX ABORT Seq: 0 Call: 1 Source Port: afs3-bos Destination Port: 32772
6 2.195813 10.1.1.116 10.1.1.116 AFS (RX) Encrypted BOS Request
7 2.196673 10.1.1.116 10.1.1.116 RX ABORT Seq: 0 Call: 1 Source Port: afs3-bos Destination Port: 32772
kdc.log
2003-12-26T12:04:53 AS-REQ admin@TED-DORIS.FAM from IPv4:10.1.1.116 for krbtgt/TED-DORIS.FAM@TED-DORIS.FAM
2003-12-26T12:04:54 Using des-cbc-md5/des3-cbc-sha1
2003-12-26T12:04:54 sending 614 bytes to IPv4:10.1.1.116
2003-12-26T12:04:54 TGS-REQ admin@TED-DORIS.FAM from IPv4:10.1.1.116 for afs/tedcell@TED-DORIS.FAM
2003-12-26T12:04:54 sending 532 bytes to IPv4:10.1.1.116
2003-12-26T12:04:54 524-REQ admin@TED-DORIS.FAM from IPv4:10.1.1.116 for afs/tedcell@TED-DORIS.FAM
2003-12-26T12:04:54 sending 1266 bytes to IPv4:10.1.1.116
shemya:/var/log # ktutil list
FILE:/etc/krb5.keytab:
Vno Type Principal
0 des-cbc-crc afs@TED-DORIS.FAM
2 des-cbc-crc afs@TED-DORIS.FAM
2 des-cbc-md4 afs@TED-DORIS.FAM
2 des-cbc-md5 afs@TED-DORIS.FAM
2 des-cbc-md5 admin@TED-DORIS.FAM
2 des-cbc-md4 admin@TED-DORIS.FAM
1 des3-cbc-sha1 root@TED-DORIS.FAM
1 des-cbc-md5 root@TED-DORIS.FAM
1 des-cbc-md4 root@TED-DORIS.FAM
1 des-cbc-crc root@TED-DORIS.FAM
1 des-cbc-crc host/shemya.ted-doris.fam@TED-DORIS.FAM
1 des-cbc-md4 host/shemya.ted-doris.fam@TED-DORIS.FAM
1 des-cbc-md5 host/shemya.ted-doris.fam@TED-DORIS.FAM
1 des3-cbc-sha1 host/shemya.ted-doris.fam@TED-DORIS.FAM
1 des3-cbc-sha1 admin/admin@TED-DORIS.FAM
1 des-cbc-md5 admin/admin@TED-DORIS.FAM
1 des-cbc-md4 admin/admin@TED-DORIS.FAM
1 des-cbc-crc admin/admin@TED-DORIS.FAM
2 des-cbc-crc admin@TED-DORIS.FAM
2 des-cbc-crc afs/tedcell@TED-DORIS.FAM
2 des-cbc-md4 afs/tedcell@TED-DORIS.FAM
2 des-cbc-md5 afs/tedcell@TED-DORIS.FAM
krb4:/etc/srvtab:
Vno Type Principal
1 des-cbc-md5 root@TED-DORIS.FAM
1 des-cbc-md4 root@TED-DORIS.FAM
1 des-cbc-crc root@TED-DORIS.FAM
1 des-cbc-md5 host/shemya.ted-doris.fam@TED-DORIS.FAM
1 des-cbc-md4 host/shemya.ted-doris.fam@TED-DORIS.FAM
1 des-cbc-crc host/shemya.ted-doris.fam@TED-DORIS.FAM
1 des-cbc-md5 admin/admin@TED-DORIS.FAM
1 des-cbc-md4 admin/admin@TED-DORIS.FAM
1 des-cbc-crc admin/admin@TED-DORIS.FAM
2 des-cbc-md5 afs@TED-DORIS.FAM
2 des-cbc-md4 afs@TED-DORIS.FAM
2 des-cbc-crc afs@TED-DORIS.FAM
2 des-cbc-md5 admin@TED-DORIS.FAM
2 des-cbc-md4 admin@TED-DORIS.FAM
2 des-cbc-crc admin@TED-DORIS.FAM