[OpenAFS] (no subject)
Jeffrey Altman
jaltman@secure-endpoints.com
Wed, 02 Sep 2009 14:17:44 -0400
Garrison, Eric C wrote:
> Default principal: ecgarris@ADS.IU.EDU
>
> Valid starting Expires Service principal
> 07/08/09 14:53:40 07/09/09 00:53:44 krbtgt/ADS.IU.EDU@ADS.IU.EDU
> renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS
> mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
> 07/08/09 14:53:56 07/09/09 00:53:44 afs/afstest.iu.edu@ADS.IU.EDU
> renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS
> mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
>
> So what else should I look for in the token being bad in another way?
The enctype must be DES-CBC-CRC for use with AFS. AES is not supported.
Jeffrey Altman