[OpenAFS] gssklog

Douglas E. Engert deengert@anl.gov
Tue, 14 May 2002 10:15:28 -0500


As I said in a seperate message, this looks like the AD is generating
a K5 ticket using an encryption type which the server can not handle. 
This could be a missing:

krb5.conf:
 [libdefaults]
 default_tkt_enctypes = des-cbc-md5
 default_tgs_enctypes = des-cbc-md5

(Or dce-cbc-crc)

Or the way the keytab entry for the gssklogd was generated has a problem.

Do a klist -e 
on the client to see what the tickets look like.


David Hajek wrote:
> 
> Hello,
> 
> I'm trying to setup afs, where authentication is done with W2k AD
> using gssklog. I'm able to get receive kerberos tokens from AD on
> both linux and windows. But I'm still unable to get AFS tokens.
> I'm using gssklog for this.
> AFS is running on Redhat Linux 7.2. I am still unable to get
> AFS tokens.
> 
> ./gssklogd -d -k /etc/gssklog.keytab -p 750
> len=42, name=gssklog/kerberos.foo.com@FOO.COM
> N handle_connections: got connection, s = 5
> N run_acceptor: initiated on 5
> N receive_message(): Received message: [1120]
> N run_acceptor: calling gss_accept_sec_context
> N run_acceptor: sending output token: [121]
> N send_message(): Sending   data: [121]
> N send_message(): Message sent [121].
> GSS-error accepting credentials: major_status:000d0000 minor_status:96c73abc
> Miscellaneous failure
> Bad encryption type
> Tue May 14 14:16:36 - kerberos.foo.com[10.0.0.171] FAILED for above
> reasons
> N handle_connections: Listening for next.
> 
> ./gssklog
> found cell=foo.com
> after gssklog_acquire_credN connect_to_server_sockaddr attempting connection
> to 10.0.0.171.
> N connect_to_server_sockaddr connected socket
> N gssklog_doit(): Connected to acceptor
> N gssklog_doit(): calling gss_init_sec_context
> N gssklog_doit(): Returned from init_sec_ctx w/token [1120]
> N send_message(): Sending   data: [1120]
> N send_message(): Message sent [1120].
> N gssklog_doit(): Sent output token [1120], waiting for new token
> N receive_message(): Received message: [121]
> N gssklog_doit(): Received token: [121]
> N gssklog_doit(): calling gss_init_sec_context
> N gssklog_doit(): Returned from init_sec_ctx w/token [0]
> GSS-error init_sec_context failed: major_status:000d0000
> minor_status:96c73a3c
> Miscellaneous failure
> unknown RPC error (-1765328324)
> Failed
> 
> Have you got any idea, whats wrong?
> 
> -David
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444