[OpenAFS] RE: [Q] aklog with a Windows 2000 KDC?
Economou, Matthew [EESUS]
MEconom@EESUS.JNJ.com
Mon, 23 Apr 2001 09:23:13 -0400
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C0CBF8.8C520F90
Content-Type: text/plain;
charset="iso-8859-1"
You were correct about keys being mismatched. The weird thing
is, it seems that my domain controller returns tickets with the
kvno == 0. So once I recreated the AFS keytab, everything started
working just fine.
(MIT Kerberos includes a utility called "kvno" that will examine
tickets for one.)
Thanks for your help,
#\Matthew
-----Original Message-----
From: Neulinger, Nathan [mailto:nneul@umr.edu]
Sent: Thursday, April 19, 2001 12:23 PM
To: 'Economou, Matthew [EESUS]'; @Openafs-Info (E-mail)
Subject: RE: [OpenAFS] RE: [Q] aklog with a Windows 2000 KDC?
Sounds to me like you still have the keys mismatched.
the win2k kdc always returns kvno 1. If you set the password, make the
keytab from the kdc, then update the keytab and KeyFile with that key on the
afs servers, restart all afs servers, and restart krb524d, it should work.
------_=_NextPart_001_01C0CBF8.8C520F90
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2654.19">
<TITLE>RE: [OpenAFS] RE: [Q] aklog with a Windows 2000 KDC?</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>You were correct about keys being mismatched. The weird thing</FONT>
<BR><FONT SIZE=2>is, it seems that my domain controller returns tickets with the</FONT>
<BR><FONT SIZE=2>kvno == 0. So once I recreated the AFS keytab, everything started</FONT>
<BR><FONT SIZE=2>working just fine.</FONT>
</P>
<P><FONT SIZE=2>(MIT Kerberos includes a utility called "kvno" that will examine</FONT>
<BR><FONT SIZE=2>tickets for one.)</FONT>
</P>
<P><FONT SIZE=2>Thanks for your help,</FONT>
<BR><FONT SIZE=2>#\Matthew</FONT>
</P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Neulinger, Nathan [<A HREF="mailto:nneul@umr.edu">mailto:nneul@umr.edu</A>]</FONT>
<BR><FONT SIZE=2>Sent: Thursday, April 19, 2001 12:23 PM</FONT>
<BR><FONT SIZE=2>To: 'Economou, Matthew [EESUS]'; @Openafs-Info (E-mail)</FONT>
<BR><FONT SIZE=2>Subject: RE: [OpenAFS] RE: [Q] aklog with a Windows 2000 KDC?</FONT>
</P>
<P><FONT SIZE=2>Sounds to me like you still have the keys mismatched. </FONT>
<BR><FONT SIZE=2> </FONT>
<BR><FONT SIZE=2>the win2k kdc always returns kvno 1. If you set the password, make the</FONT>
<BR><FONT SIZE=2>keytab from the kdc, then update the keytab and KeyFile with that key on the</FONT>
<BR><FONT SIZE=2>afs servers, restart all afs servers, and restart krb524d, it should work. </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C0CBF8.8C520F90--