[OpenAFS] Re: Multiple Kerberos realm support

Andrew Deason adeason@sinenomine.net
Thu, 10 May 2012 17:24:48 -0500

On Thu, 10 May 2012 17:17:09 -0500
Andrew Deason <adeason@sinenomine.net> wrote:

> > This might be a problem:
> > [root@afs-dev-03 ~]# kinit -kt /var/tmp/afskerbuser.keytab 
> > afs/pitt.edu@UNIV.PITT.EDU
> > kinit: KDC has no support for encryption type while getting initial 
> > credentials
> That's a little confusing, since the KDC granted you a service ticket
> with a DES enctype earlier:

Er, no, this is RHEL6, with MIT krb5 1.9 iirc, which disables DES by
default. If the cause of that is what I think it is, that's a really
confusing error message, since it's not the KDC that's refusing the
request. Add the following:

    allow_weak_crypto = true

to the [libdefaults] section of /etc/krb5.conf, and try that again.

Andrew Deason