[OpenAFS] klog with sites using fakeka against MIT1.6.2 broken?
Mike Dopheide
dopheide@ncsa.uiuc.edu
Thu, 23 Aug 2007 16:54:51 -0500
Number of keys: 5
Key: vno 30, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 30, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 30, DES cbc mode with CRC-32, no salt
Key: vno 30, DES cbc mode with CRC-32, Version 4
Key: vno 30, DES cbc mode with CRC-32, AFS version 3
-Mike
Jeffrey Altman wrote:
> Matt Elliott wrote:
>> We just discovered a problem with our KDC now running MIT 1.6.2. When a
>> user changes their password (previous keys were created with our old kdc
>> version 1.4.3 still work) with patches and then tries klog it longer
>> grants tokens. klog returns "Unable to authenticate to AFS because
>> password was incorrect." kinit and a subsequent aklog still works. Has
>> anyone else seen this or have a fix?
>
> What keys are you generating in the KDC for principals at password changes?
>