[OpenAFS] Cross Realm Kerberos+AFS
Derek Harkness
dharknes@umd.umich.edu
Wed, 19 May 2004 10:41:09 -0400
Cross realm kinit; aklog -d; klist -e -f
Valid starting Expires Service principal
05/19/04 07:41:17 05/19/04 17:41:15 krbtgt/UMD.UMICH.EDU@UMD.UMICH.EDU
Flags: FPIA, Etype (skey, tkt): Triple DES cbc mode with
HMAC/sha1, Triple DES cbc mode with HMAC/sha1 05/19/04 07:41:18
05/19/04 17:41:15 krbtgt/ITS.UMD.UMICH.EDU@UMD.UMICH.EDU
Flags: FPAT, Etype (skey, tkt): Triple DES cbc mode with
HMAC/sha1, DES cbc mode with CRC-32
05/19/04 07:41:18 05/19/04 17:41:15
afs/its.umd.umich.edu@ITS.UMD.UMICH.EDU
Flags: FPAT, Etype (skey, tkt): DES cbc mode with CRC-32, DES
cbc mode with CRC-32
Non-Cross realm kinit; aklog -d; klist -e -f
Valid starting Expires Service principal
05/19/04 07:42:42 05/19/04 17:42:42
krbtgt/ITS.UMD.UMICH.EDU@ITS.UMD.UMICH.EDU
Flags: FPIA, Etype (skey, tkt): DES cbc mode with CRC-32, DES
cbc mode with CRC-32
05/19/04 07:42:56 05/19/04 17:42:42
afs/its.umd.umich.edu@ITS.UMD.UMICH.EDU
Flags: FPAT, Etype (skey, tkt): DES cbc mode with CRC-32, DES
cbc mode with CRC-32
Derek
On May 18, 2004, at 11:38 PM, Douglas E. Engert wrote:
> This is KRB5KDC_ERR_POLICY As Jeff said, this would be transited
> field.
>
> After you do a kinit and an "aklog -d"
> what does "klist -e -f" show?
> Can you try this on both systems?
>
> Douglas E. Engert <DEEngert@anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
>