[OpenAFS] ADS and MIT Kerberos transition auth continued

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 16 Jul 2009 17:02:19 -0400

Eric Chris Garrison wrote:
> Anything else that we might be missing?  I keep thinking it must be
> something simple.

It has to be key related.  An authenticated/encrypted connection is
possible provided that the key works.  Even if the user name is not
found in the protection database.

I would verify once again using kvno that the key in fact works and that
you are in fact obtaining des based enctypes.

Jeffrey Altman