[OpenAFS] Re: SuSe 9.0 &Heimdal.6

Derrick J Brashear shadow@dementia.org
Fri, 26 Dec 2003 17:48:14 -0500 (EST)

On Fri, 26 Dec 2003, ted creedon wrote:

> I'm still getting "not authorized" errors and I have the following data:
> packet #3 is type kvno: 213 indicating that use_2b is being used (set in
> krb5.conf) as is 524 conversion.

correct. 255 - 0x2b is 213, fwiw.

> My understanding is that use_2b always sends a packet kvno 213 back. This
> seems to conflict with the key version numbers shown below.

it will, the "real" kvno will be in the encrypted part of the packet.

> Is there a problem with the admin kdc account having des3-cbc-sha1 keys or
> afs not having a kvno of 213?

afs not having a 213 kvno: that's usual
admin kdc account: unsure. i don't think so, but there may be a policy
implication i'm forgetting.

> Does anyone have any suggestions?

you're using heimdal, yes? are you willing to try the recipe i have for
setting up the kaserver and converting that database for use with the
heimdal kdc?