[OpenAFS] OpenAFS + krb5

JR Boyens jboyens@iastate.edu
Tue, 26 Nov 2002 16:34:34 -0600 

I had this problem as well. What I did was whenever I could specify '-e
des-cbc-crc:v4' I did. That's what got me through it. I was missing that
flag at the ktadd stage. Hope that helps.

--
JR Boyens
jboyens@iastate.edu

On Wed, Nov 27, 2002 at 10:20:10AM +1300 or thereabouts, Nathan Ward wrote:
> Hi,
> 
> I have been tearing my hair out the last few days trying to get this working, to no avail.
> 
> I have krb5kdc and krb524d running on a machine.
> I have an AFS principal in the KDC.
> I have all the correct info in DNS.
> 
> I keep getting those evil rxkad error 19270408's and I have tried the following:
> - Having an afs/alb-nz.esphion.com@ALB-NZ.ESPHION.COM principal
> - Having an afs@ALB-NZ.ESPHION.COM principal
> - Specifying -e des-cbc-crc:v4
> - Specifying -e des-cbc-crc:normal
> - Specifying -e des-cbc-crc:afs3
> - A patch to krb524d.c to make it return the correct kvno.
> - Having matching kvno's in my KeyFile and my KDC ( I check with getprinc <principal> and bos listkeys
>   serv-1 localauth ) 
> 
> I have openafs configured to after running afs-newcell. afs-rootvol fails on fs setacl /afs system:anyuser rl.
> ls /afs fails also. 
> The rxkad error appears in my system logs for both.
> 
> Is there a way to see what kvno krb524d is spitting out?  What does the -k krb524d option do?
> 
> Google seems to be telling me many different things (above), none of them worked.
> 
> Are there any useful debug commands I can use other than:
> - bos listkeys
> - aklog -d
> - kadmin: getprinc <princ>
> - ktutil: list
> - klist -cfean
> 
> Thanks for any help you can give.
> 
> -- 
> 
> Nathan Ward
> System Administrator
> Esphion Ltd.
> 
> PH:    +64 9 4142060      | EMail: nward@esphion.com
> MOB:   +64 9 21 431675    | Web:   www.esphion.com
> 
> --
> 
> This message is provided "AS IS" with no warranties, and confers no rights.
> Any opinions or policies stated within are my own and do not necessarily constitute those of my employer.
> Harvesting of this address for purposes of bulk email (spam and UCE) is expressly prohibited unless by my explicit prior request.  I retaliate viciously against spammers and spam sites.
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>