[OpenAFS] unknown key version numbers when using standard aklog with gssklog daemon

Chris McClimans openafs-info@mcclimans.net
Tue, 2 Sep 2003 06:38:38 -0500


I've switched from krb524 to gssklog (which appears to offer krb524 as 
well) but after I get tokens it appears I have the wrong key version.
I'm not sure how that could happen as I only have 1 version on the 
server both in the KeyFile and keytab (and they match).

-chris

On the client:

cp114% klist -e
klist -e
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default Principal: mccliman@CS.TTU.EDU
Valid Starting     Expires            Service Principal
09/02/03 06:25:46  09/02/03 16:25:46  krbtgt/CS.TTU.EDU@CS.TTU.EDU
	Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc 
mode with HMAC/sha1
09/02/03 06:25:55  09/02/03 16:25:46  afs/cs.ttu.edu@CS.TTU.EDU
	Etype (skey, tkt): DES cbc mode with CRC-32, Triple DES cbc mode with 
HMAC/sha1

cp114% tokens
tokens

Tokens held by the Cache Manager:

User's (AFS ID 1) tokens for afs@cs.ttu.edu [Expires Sep  2 16:25]
    --End of list--
cp114% pts listentries
pts listentries
Name                          ID  Owner Creator
pts: ticket contained unknown key version number ; unable to list 
entries

^^^ yummy

On the server:

oak:~# klist -ketK | grep afs/cs.ttu.edu@CS
   10 08/27/03 15:56:34 afs/cs.ttu.edu@CS.TTU.EDU (DES cbc mode with 
CRC-32)  (0x1234567890)

oak:~# asetkey list
kvno   10: key is: 1234567890
All done.

oak:~# ps -ef | grep gssklog
root      3128     1  0 Aug31 ?        00:00:00 /usr/sbin/gssklogd -a 
/etc/openafs/server/KeyFile -k /etc/krb5.keytab