[OpenAFS] Kerberos 1.8 and Openafs-1.4.12
Tom Mukunnemkeril
torrent_tech@yahoo.com
Sun, 21 Mar 2010 14:40:11 -0700 (PDT)
--0-458983789-1269207611=:37824
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
I went and upgraded all my server/client linux systems to Kerberos 1.8 and =
openafs 1.4.12.=A0 From the posts I have read here: https://lists.openafs.o=
rg/pipermail/openafs-info/2010-March/033059.html I was under the impression=
I didn't have to modify krb5.conf to allow weak encryption because somethi=
ng was enabled so that aklog was able to get tokens with the encryption.
However, it appears I still have to modify the krb5.conf to allow it.=A0 Ot=
herwise I see this error in aklog
root@goro:/etc# aklog -d
Getting tickets: afs@BANDALEROS.NET
Kerberos error code returned by get_cred : -1765328370
aklog: Couldn't get bandaleros.net AFS tickets:
aklog: unknown RPC error (-1765328370) while getting AFS tickets
The krb5kdc log also indicates that the KDC has no support for encryption t=
ype.
Checking the config.log for openafs I noticed this:
configure:25362: checking for krb5_allow_weak_crypto
configure:25418: cc -o conftest -g -O2=A0 -I/usr/local/include=A0 conftest.=
c=A0 -L/usr
/local/lib -Wl,-rpath -Wl,/usr/local/lib -lkrb5 -lk5crypto -lcom_err -lreso=
lv -l
dl >&5
configure:25424: $? =3D 0
configure:25442: result: yes
configure:25362: checking for krb5_enctype_enable
configure:25418: cc -o conftest -g -O2=A0 -I/usr/local/include=A0 conftest.=
c=A0 -L/usr
/local/lib -Wl,-rpath -Wl,/usr/local/lib -lkrb5 -lk5crypto -lcom_err -lreso=
lv -l
dl >&5
/tmp/ccOLqQ68.o: In function `main':
/usr/local/downloads/openafs-1.4.12/conftest.c:193: undefined reference to =
`krb5
_enctype_enable'
Is that what's causing the problem?=A0=20
I'm running Linux-2.6.33.1, Kerberos 1.8 and openafs-1.4.12 off a slackware=
distribution.
Steps for upgrade:
Compiled and installed Kerberos 1.8 (upgraded from 1.7)
Installed linux 2.6.33.1
Compiled and installed Openafs-1.4.12 (upgraded from 1.4.11)
Tom
=0A=0A=0A
--0-458983789-1269207611=:37824
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
<table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" ><tr><td valign=3D"=
top" style=3D"font: inherit;"><div id=3D"yiv1867425768">I went and upgraded=
all my server/client linux systems to Kerberos 1.8 and openafs 1.4.12.&nbs=
p; From the posts I have read here: https://lists.openafs.org/pipermail/ope=
nafs-info/2010-March/033059.html I was under the impression I didn't have t=
o modify krb5.conf to allow weak encryption because something was enabled s=
o that aklog was able to get tokens with the encryption.<br><br>However, it=
appears I still have to modify the krb5.conf to allow it. Otherwise =
I see this error in aklog<br>root@goro:/etc# aklog -d<br><br>Getting ticket=
s: afs@BANDALEROS.NET<br>Kerberos error code returned by get_cred : -176532=
8370<br>aklog: Couldn't get bandaleros.net AFS tickets:<br>aklog: unknown R=
PC error (-1765328370) while getting AFS tickets<br><br>The krb5kdc log als=
o indicates that the KDC has no support for encryption type.<br><br>Checkin=
g the
config.log for openafs I noticed this:<br>configure:25362: checking for kr=
b5_allow_weak_crypto<br>configure:25418: cc -o conftest -g -O2 -I/usr=
/local/include conftest.c -L/usr<br>/local/lib -Wl,-rpath -Wl,/=
usr/local/lib -lkrb5 -lk5crypto -lcom_err -lresolv -l<br>dl >&5<br>c=
onfigure:25424: $? =3D 0<br>configure:25442: result: yes<br>configure:25362=
: checking for krb5_enctype_enable<br>configure:25418: cc -o conftest -g -O=
2 -I/usr/local/include conftest.c -L/usr<br>/local/lib -W=
l,-rpath -Wl,/usr/local/lib -lkrb5 -lk5crypto -lcom_err -lresolv -l<br>dl &=
gt;&5<br>/tmp/ccOLqQ68.o: In function `main':<br>/usr/local/downloads/o=
penafs-1.4.12/conftest.c:193: undefined reference to `krb5<br>_enctype_enab=
le'<br><br>Is that what's causing the problem? <br><br>I'm running Li=
nux-2.6.33.1, Kerberos 1.8 and openafs-1.4.12 off a slackware distribution.=
<br>Steps for upgrade:<br>Compiled and installed Kerberos 1.8
(upgraded from 1.7)<br>Installed linux 2.6.33.1<br>Compiled and installed =
Openafs-1.4.12 (upgraded from 1.4.11)<br><br>Tom<br></div></td></tr></table=
><br>=0A=0A
--0-458983789-1269207611=:37824--