[OpenAFS] Re: SuSe 9.0 &Heimdal.6
Derrick J Brashear
shadow@dementia.org
Fri, 26 Dec 2003 17:48:14 -0500 (EST)
On Fri, 26 Dec 2003, ted creedon wrote:
> I'm still getting "not authorized" errors and I have the following data:
>
> packet #3 is type kvno: 213 indicating that use_2b is being used (set in
> krb5.conf) as is 524 conversion.
correct. 255 - 0x2b is 213, fwiw.
> My understanding is that use_2b always sends a packet kvno 213 back. This
> seems to conflict with the key version numbers shown below.
it will, the "real" kvno will be in the encrypted part of the packet.
> It there a problem with the admin kdc account having des3-cbc-sha1 keys or
> afs not having a kvno of 213?
afs not having a 213 kvno: that's usual
admin kdc account: unsure. i don't think so, but there may be a policy
implication i'm forgetting.
> Does anyone have any suggestions?
you're using heimdal, yes? are you willing to try the recipe i have to
setting up the kaserver and converting that database for use with the
heimdal kdc?