[OpenAFS] unknown key version numbers when using standard aklog with gssklog daemon

Nathan Neulinger nneul@umr.edu
02 Sep 2003 07:42:58 -0500 

Are you using a fileserver version with rxkad2b support? The rxkad2b
looks like a key with version (I forget which) 0x2b or 0xff-0x2b to the
server, so if it doesn't have support for the rxkad2b style keys, it
will look like a wrong kvno.

-- Nathan

On Tue, 2003-09-02 at 06:38, Chris McClimans wrote:
> I've switched from krb524 to gssklog (which appears to offer krb524 as 
> well) but after I get tokens it appears I have the wrong key version.
> I'm not sure how that could happen as I only have 1 version on the 
> server both in the KeyFile and keytab (and they match).
> 
> -chris
> 
> On the client:
> 
> cp114% klist -e
> klist -e
> Kerberos 5 ticket cache: 'API:Initial default ccache'
> Default Principal: mccliman@CS.TTU.EDU
> Valid Starting     Expires            Service Principal
> 09/02/03 06:25:46  09/02/03 16:25:46  krbtgt/CS.TTU.EDU@CS.TTU.EDU
> 	Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc 
> mode with HMAC/sha1
> 09/02/03 06:25:55  09/02/03 16:25:46  afs/cs.ttu.edu@CS.TTU.EDU
> 	Etype (skey, tkt): DES cbc mode with CRC-32, Triple DES cbc mode with 
> HMAC/sha1
> 
> cp114% tokens
> tokens
> 
> Tokens held by the Cache Manager:
> 
> User's (AFS ID 1) tokens for afs@cs.ttu.edu [Expires Sep  2 16:25]
>     --End of list--
> cp114% pts listentries
> pts listentries
> Name                          ID  Owner Creator
> pts: ticket contained unknown key version number ; unable to list 
> entries
> 
> ^^^ yummy
> 
> On the server:
> 
> oak:~# klist -ketK | grep afs/cs.ttu.edu@CS
>    10 08/27/03 15:56:34 afs/cs.ttu.edu@CS.TTU.EDU (DES cbc mode with 
> CRC-32)  (0x1234567890)
> 
> oak:~# asetkey list
> kvno   10: key is: 1234567890
> All done.
> 
> oak:~# ps -ef | grep gssklog
> root      3128     1  0 Aug31 ?        00:00:00 /usr/sbin/gssklogd -a 
> /etc/openafs/server/KeyFile -k /etc/krb5.keytab
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
-- 

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
UMR Information Technology             Fax: (573) 341-4216