[OpenAFS] Re: Creating service principal and keytab from active directory for afs/cell

Arne Wiebalck Arne.Wiebalck@cern.ch
Thu, 26 Sep 2013 17:21:47 +0000

Do you happen to know what controls which enc type AD will pick when issuin=
g an AFS service ticket?


Andrew Deason <adeason@sinenomine.net> schrieb:

On Thu, 26 Sep 2013 16:38:42 +0000
Arne Wiebalck <Arne.Wiebalck@cern.ch> wrote:

> Thanks Andrew and Jeffrey.
> So, from what I understand from your answers is that as long the
> AFS server has a rxkad.keytab that contains the enc type the
> KDC issues, things should be OK afs-wise.

I just realized I didn't confirm this. Yes, that is generally correct,
and point I meant to get across.

There is an exception to that where it's not strictly true if your KDC
is issuing service tickets with single DES. But your KDC is not supposed
to be issuing DES tickets in this scenario.

Andrew Deason

OpenAFS-info mailing list