[OpenAFS] heimdal, keyfiles, and bootup
Matthew J. Turk
mturk@astro.psu.edu
Sun, 18 Apr 2004 11:29:07 -0400
Hi there. I'm attempting to convert to a heimdal authentication system, but
I've run into a problem. (Everything else seems to work ok so far, and I've
been following directions from this list -- specifically, from this thread:
https://lists.openafs.org/pipermail/openafs-info/2002-May/004321.html )
I'm having problems with the file /usr/afs/etc/KeyFile. When it's the one
generated by Heimdal (with, I believe, only the correct types of encryption)
bosserver fails to start (silently, I noted with irritation.) In order to
get AFS to start, I have to copy my old keyfile back on top of it, start AFS,
and then copy the heimdal keyfile over in order to proceed with
authentication.
I also noted they're quite different sizes; the heimdal-generated keyfile is
about 800bytes, where the AFS one is about 100. The types of encryption,
according to ktutil, are all des-cbc-crc, although for some reason I have
three copies of the key for principal afs/cell@REALM.
Has anybody run into this problem before? Does it just smell like an
encryption-type problem, or is it something simpler?
Thanks!
mjt