[OpenAFS-devel] ticket contained unknown key version number
Martin MOKREJŠ
mmokrejs@ribosome.natur.cuni.cz
Wed, 17 Aug 2005 02:34:42 +0200
Hi,
I've deleted my test cell and have started from scratch. But somehow,
I cannot re-create the setup as usual. I use current cvs checkout of
openafs with both heimdal-0.7-cvs and heimdal-0.6.5. It seems bos
doesn't understand "some" tickets ... but it doesn't give any useful
output. Why is the "krbtgt/DOMA@DOMA" containing the cellname part in
uppercase? Maybe that's the problem?
aquarius heimdal-0.6.5 # klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Principal: mmokrejs/admin@DOMA
Cache version: 4
Server: krbtgt/DOMA@DOMA
Ticket etype: des-cbc-crc, kvno 1
Auth time: Aug 17 02:26:30 2005
End time: Aug 18 02:26:30 2005
Renew till: Aug 24 02:26:30 2005
Ticket flags: forwardable, proxiable, renewable, initial
Addresses: IPv4:192.168.0.11
Server: afs/doma@DOMA
Ticket etype: des-cbc-crc, kvno 1
Auth time: Aug 17 02:26:30 2005
End time: Aug 18 02:26:30 2005
Ticket flags: transited-policy-checked
Addresses: IPv4:192.168.0.11
aquarius heimdal-0.6.5 # bos status -server aquarius -long
bos: failed to contact host's bosserver (ticket contained unknown key version number).
aquarius heimdal-0.6.5 #
My /etc/krb5.conf is attached. Anything wrong in there?
Are there some enctypes which do not work? I mean, do I have to delete
some of them after afs/cellname principal is created?
Like:
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/doma@DOMA -e des-cbc-md5
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/doma@DOMA -e des-cbc-md4
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/doma@DOMA -e aes256-cts-hmac-sha1-96
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/doma@DOMA -e arcfour-hmac-md5
Thanks for help
Martin
Attachment: krb5.conf
[libdefaults]
ticket_lifetime = 7 days
renew_lifetime = 7 days
default_realm = DOMA
encrypt = yes
forwardable = true
forward = yes
proxiable = true
dns_lookup_kdc = false
dns_lookup_realm = false
kdc = 192.168.0.11:88
# for Win2K compatibility
# default_etypes = des-cbc-crc
# default_etypes_des = des-cbc-crc
[realms]
DOMA = {
kdc = 192.168.0.11:88
admin_server = 192.168.0.11:749
default-domain = doma
}
[domain_realm]
.doma = DOMA
doma = DOMA
[kadmin]
kdc = 192.168.0.11:88
# for Win2K compatibility
# When true, this is the same as
# default_keys = des3:pw-salt v4
# and is only left for backwards compatibility.
#
# use_v4_salt=yes
# default_keys = afs3
[appdefaults]
ticket_lifetime = 7 days
renew_lifetime = unlimited
forwardable = true
proxiable = true
encrypt = true
forward = true
libkafs = {
afs-use-524 = local
}
[logging]
kdc = SYSLOG
admin_server = SYSLOG
default = SYSLOG
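Added example, not part of the original message and not OpenAFS or Heimdal code: since the bos error refers to the ticket's key version number, this Python script parses `klist -v` output in the format shown in the message and checks the kvno of each afs/ ticket against the key versions the server side holds. The function names and the server_kvnos argument are assumptions made for illustration; the sample text is constructed from the output quoted in the message.

```python
import re

# Constructed sample, shortened from the `klist -v` output in the message.
SAMPLE_KLIST = """\
Credentials cache: FILE:/tmp/krb5cc_0
Principal: mmokrejs/admin@DOMA
Server: krbtgt/DOMA@DOMA
Ticket etype: des-cbc-crc, kvno 1
Ticket flags: forwardable, proxiable, renewable, initial
Server: afs/doma@DOMA
Ticket etype: des-cbc-crc, kvno 1
Ticket flags: transited-policy-checked
"""

SERVER_RE = re.compile(r"^\s*Server:\s*(\S+)")
ETYPE_RE = re.compile(r"^\s*Ticket etype:\s*([^,\s]+)(?:,\s*kvno\s+(\d+))?")

def parse_tickets(klist_text):
    """Return one dict per 'Server:' entry with its etype and kvno (None if absent)."""
    tickets, current = [], None
    for line in klist_text.splitlines():
        m = SERVER_RE.match(line)
        if m:
            current = {"server": m.group(1), "etype": None, "kvno": None}
            tickets.append(current)
            continue
        m = ETYPE_RE.match(line)
        if m and current is not None:
            current["etype"] = m.group(1)
            current["kvno"] = int(m.group(2)) if m.group(2) else None
    return tickets

def check_service_kvno(klist_text, service_prefix, server_kvnos):
    """List (server, etype, kvno, known) for tickets whose principal starts with service_prefix."""
    findings = []
    for t in parse_tickets(klist_text):
        if t["server"].startswith(service_prefix):
            findings.append((t["server"], t["etype"], t["kvno"], t["kvno"] in server_kvnos))
    return findings

if __name__ == "__main__":
    # server_kvnos={0} is a hypothetical value; use the versions the server really holds.
    for row in check_service_kvno(SAMPLE_KLIST, "afs/", {0}):
        print(row)
```

A row ending in False means the ticket carries a kvno that is not among the key versions passed in as server_kvnos.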