[OpenAFS] unknown key version numbers when using standard aklog with gssklog daemon

Chris McClimans openafs-info@mcclimans.net
Tue, 2 Sep 2003 08:06:59 -0500 

I'm using openafs 1.2.10 as the server and the client. I haven't heard 
of rxkad2b yet. I'll go poke around on the wiki.
-chris

On Tuesday, September 2, 2003, at 07:42  AM, Nathan Neulinger wrote:

> Are you using a fileserver version with rxkad2b support? The rxkad2b
> looks like a key with version (I forget which) 0x2b or 0xff-0x2b to the
> server, so if it doesn't have support for the rxkad2b style keys, it
> will look like a wrong kvno.
>
> -- Nathan
>
> On Tue, 2003-09-02 at 06:38, Chris McClimans wrote:
>> I've switched from krb524 to gssklog (which appears to offer krb524 as
>> well) but after I get tokens it appears I have the wrong key version.
>> I'm not sure how that could happen as I only have 1 version on the
>> server both in the KeyFile and keytab (and they match).
>>
>> -chris
>>
>> On the client:
>>
>> cp114% klist -e
>> klist -e
>> Kerberos 5 ticket cache: 'API:Initial default ccache'
>> Default Principal: mccliman@CS.TTU.EDU
>> Valid Starting     Expires            Service Principal
>> 09/02/03 06:25:46  09/02/03 16:25:46  krbtgt/CS.TTU.EDU@CS.TTU.EDU
>> 	Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc
>> mode with HMAC/sha1
>> 09/02/03 06:25:55  09/02/03 16:25:46  afs/cs.ttu.edu@CS.TTU.EDU
>> 	Etype (skey, tkt): DES cbc mode with CRC-32, Triple DES cbc mode with
>> HMAC/sha1
>>
>> cp114% tokens
>> tokens
>>
>> Tokens held by the Cache Manager:
>>
>> User's (AFS ID 1) tokens for afs@cs.ttu.edu [Expires Sep  2 16:25]
>>     --End of list--
>> cp114% pts listentries
>> pts listentries
>> Name                          ID  Owner Creator
>> pts: ticket contained unknown key version number ; unable to list
>> entries
>>
>> ^^^ yummy
>>
>> On the server:
>>
>> oak:~# klist -ketK | grep afs/cs.ttu.edu@CS
>>    10 08/27/03 15:56:34 afs/cs.ttu.edu@CS.TTU.EDU (DES cbc mode with
>> CRC-32)  (0x1234567890)
>>
>> oak:~# asetkey list
>> kvno   10: key is: 1234567890
>> All done.
>>
>> oak:~# ps -ef | grep gssklog
>> root      3128     1  0 Aug31 ?        00:00:00 /usr/sbin/gssklogd -a
>> /etc/openafs/server/KeyFile -k /etc/krb5.keytab
>>
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
> -- 
>
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nneul@umr.edu
> University of Missouri - Rolla         Phone: (573) 341-4841
> UMR Information Technology             Fax: (573) 341-4216
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>