[OpenAFS] FW: Evaluating OpenAFS
Mike Legg
mike.legg@u-blox.com
Tue, 7 Jun 2011 12:50:02 +0200
Hi Harald,
I have the following Kerberos packages installed
[root@openafs01 etc]# rpm -qa | grep krb5
krb5-server-1.6.1-55.el5_6.1
pam_krb5-2.2.14-18.el5
krb5-devel-1.6.1-55.el5_6.1
krb5-libs-1.6.1-55.el5_6.1
krb5-workstation-1.6.1-55.el5_6.1
krb5-auth-dialog-0.7-1
and the /etc/krb5.conf has
default =3D FILE:/var/log/krb5libs.log
kdc =3D FILE:/var/log/krb5kdc.log
admin_server =3D FILE:/var/log/kadmind.log
[libdefaults]
default_realm =3D VMKRB5
dns_lookup_realm =3D false
dns_lookup_kdc =3D false
ticket_lifetime =3D 24h
renew_lifetime =3D 7d
forwardable =3D true
allow_weak_crypto =3D true
[realms]
VMKRB5 =3D {
kdc =3D openafs01.geotate.local:88
admin_server =3D openafs01.geotate.local:749
}
[domain_realm]
=2Egeotate.local =3D VMKRB5
geotate.local =3D VMKRB5
[appdefaults]
pam =3D {
debug =3D false
ticket_lifetime =3D 36000
renew_lifetime =3D 36000
forwardable =3D true
krb4_convert =3D false
}
Mike
-----Original Message-----
From: Harald Barth [mailto:haba@kth.se]=20
Sent: 07 June 2011 11:37
To: Mike Legg
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] FW: Evaluating OpenAFS
> [root@openafs01 etc]# /usr/afs/bin/asetkey add 2 /etc/krb5.keytab.afs
> afs/krb5afs.geotate.local
>=20
> /usr/afs/bin/asetkey: unknown RPC error (-1765328154) while extracting
> AFS service key
What versions are your kerberos library and your KDC at?
Do you have the
[libdefaults]
allow_weak_crypto =3D true
option at the right places?
Harald.