[OpenAFS] asetkey: unknown RPC error (-1765328203) while extracting AFS service key
Simon Wilkinson
sxw@inf.ed.ac.uk
Tue, 12 Apr 2011 16:18:11 +0100
On 12 Apr 2011, at 16:09, Jeffrey Altman wrote:
> If the kvno you generated is 8, then the keno you ask asetkey to add =
must also be 8.
The principal was added with kvno 8, but then the 'ktadd' incremented =
that number by 1 one when it regenerated the key to create the keytab. =
klist shows the kvno as 9:
>> [root@afs1c afs]# klist -e -k =
afs1_dantolov.uits.indiana.edu_kdc.keytab
>> Keytab name: FILE:afs1_dantolov.uits.indiana.edu_kdc.keytab
>> KVNO Principal
>> ---- =
--------------------------------------------------------------------------=
>> 9 afs/afs1.bedrock.iu.edu@KDC.DANTOLOV.UITS.INDIANA.EDU (DES cbc =
mode with RSA-MD5)
I think the problem is the encryption type. When we do the extract, we =
specifically ask for a des-cbc-crc key. The key you have created is =
des-cbc-md5. I suspect that the extraction routine is seeing these types =
as different, and so failing the match.
Try again with a des-cbc-crc key, and see if that works!
Cheers,
Simon.