[OpenAFS] unknown key version numbers when using standard aklog with gssklog daemon
Chris McClimans
openafs-info@mcclimans.net
Tue, 2 Sep 2003 06:38:38 -0500
I've switched from krb524 to gssklog (which appears to offer krb524 as
well) but after I get tokens it appears I have the wrong key version.
I'm not sure how that could happen as I only have 1 version on the
server both in the KeyFile and keytab (and they match).
-chris
On the client:
cp114% klist -e
klist -e
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default Principal: mccliman@CS.TTU.EDU
Valid Starting Expires Service Principal
09/02/03 06:25:46 09/02/03 16:25:46 krbtgt/CS.TTU.EDU@CS.TTU.EDU
Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc
mode with HMAC/sha1
09/02/03 06:25:55 09/02/03 16:25:46 afs/cs.ttu.edu@CS.TTU.EDU
Etype (skey, tkt): DES cbc mode with CRC-32, Triple DES cbc mode with
HMAC/sha1
cp114% tokens
tokens
Tokens held by the Cache Manager:
User's (AFS ID 1) tokens for afs@cs.ttu.edu [Expires Sep 2 16:25]
--End of list--
cp114% pts listentries
pts listentries
Name ID Owner Creator
pts: ticket contained unknown key version number ; unable to list
entries
^^^ yummy
On the server:
oak:~# klist -ketK | grep afs/cs.ttu.edu@CS
10 08/27/03 15:56:34 afs/cs.ttu.edu@CS.TTU.EDU (DES cbc mode with
CRC-32) (0x1234567890)
oak:~# asetkey list
kvno 10: key is: 1234567890
All done.
oak:~# ps -ef | grep gssklog
root 3128 1 0 Aug31 ? 00:00:00 /usr/sbin/gssklogd -a
/etc/openafs/server/KeyFile -k /etc/krb5.keytab