[OpenAFS] Re: SuSe 9.0 &Heimdal.6

ted creedon tcreedon@easystreet.com
Fri, 26 Dec 2003 14:58:05 -0800

I have no problem with anything that would help. Send it.


-----Original Message-----
From: openafs-info-admin@openafs.org =
On Behalf Of Derrick J Brashear
Sent: Friday, December 26, 2003 2:48 PM
To: openafs-info@openafs.org
Subject: RE: [OpenAFS] Re: SuSe 9.0 &Heimdal.6

On Fri, 26 Dec 2003, ted creedon wrote:

> I'm still getting "not authorized" errors and I have the following =
> packet #3 is type kvno: 213 indicating that use_2b is being used (set =
> krb5.conf) as is 524 conversion.

correct. 255 - 0x2b is 213, fwiw.

> My understanding is that use_2b always sends a packet kvno 213 back. =
> seems to conflict with the key version numbers shown below.

it will, the "real" kvno will be in the encrypted part of the packet.

> It there a problem with the admin kdc account having des3-cbc-sha1 =
keys or
> afs not having a kvno of 213?

afs not having a 213 kvno: that's usual
admin kdc account: unsure. i don't think so, but there may be a policy
implication i'm forgetting.

> Does anyone have any suggestions?

you're using heimdal, yes? are you willing to try the recipe i have to
setting up the kaserver and converting that database for use with the
heimdal kdc?

OpenAFS-info mailing list