[OpenAFS] heimdal, keyfiles, and bootup

Matthew J. Turk mturk@astro.psu.edu
Sun, 18 Apr 2004 11:29:07 -0400

Hi there.  I'm attempting to convert to a heimdal authentication system, but 
I've run into a problem.  (Everything else seems to work ok so far, and I've 
been following directions from this list -- specifically, from this thread:
https://lists.openafs.org/pipermail/openafs-info/2002-May/004321.html )

I'm having problems with the file /usr/afs/etc/KeyFile.  When it's the one 
generated by Heimdal (with, I believe, only the correct types of encryption) 
bosserver fails to start (silently, I noted with irritation.)  In order to 
get AFS to start, I have to copy my old keyfile back on top of it, start AFS, 
and then copy the heimdal keyfile over in order to proceed with 

I also noted they're quite different sizes; the heimdal-generated keyfile is 
about 800bytes, where the AFS one is about 100.  The types of encryption, 
according to ktutil, are all des-cbc-crc, although for some reason I have 
three copies of the key for principal afs/cell@REALM.

Has anybody run into this problem before?  Does it just smell like an 
encryption-type problem, or is it something simpler?