[OpenAFS] KRB5 integration problems
Michael Nelson
mikenel@iapetus.com
Fri, 27 Sep 2002 18:00:53 -0400 (EDT)
On 22 Sep 2002, Derek Atkins wrote:
> Are you sure you have the right name/key/kvno in:
> 1) KDC
> 2) KeyFile
> 3) your ticket cache?
In my ticket cache I have:
09/27/02 17:43:06 09/28/02 03:43:03 afs/afs.iapetus.com@UNIX.IAPETUS.COM
In my KDC, I have:
Principal: afs/afs.iapetus.com@UNIX.IAPETUS.COM
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
When using the des-cbc-crc:afs3 cipher for this account and exporting the
key to a keytab for injection using asetkey, getprinc's description of the
key changes from "AFS version 3" to "no salt". Is this the correct
behavior?
The key file's kvno matches the KDC.
The error I am currently getting is permission denied -- when ls'ing /afs
and trying to do, say, pts exam admin. When I switch back the kaserver I
don't have any problems.
-mike