[OpenAFS] Re: Screwy keys? OpenAFS pts (and other) problems with MIT KDC
Jeff Blaine
jblaine@kickflop.net
Fri, 19 May 2006 14:46:49 -0400
> Before you got "unknown key version number", right?
Sorry, yes. My eyes are a bit crossed from all of this.
> It looks like you just changed the kvno to match the
> one in the AFS keyfile, but the actual _key_ is different.
> I think you need to genreate a whole new key in database,
> with a new kvno, and place that in the KeyFile.
How strange. I swear I tried to do just that... 5 times
yesterday before even posting (hence all the way up to
kvno 5).
Anyway, it works now. Thanks all.
kadmin.local: ktremove afs/jbtest
Entry for principal afs/jbtest with kvno 5 removed from keytab
WRFILE:/etc/krb5.keytab.
kadmin.local: ktadd -e des-cbc-crc:normal afs/jbtest
Entry for principal afs/jbtest with kvno 6, encryption type DES cbc mode
with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
kadmin.local: quit
bash-2.05# asetkey list
kvno 5: key is: FOOBAR
All done.
bash-2.05# asetkey delete 5
bash-2.05# asetkey add 6 /etc/krb5.keytab afs/jbtest
bash-2.05# asetkey list
kvno 6: key is: BLAH
All done.
bash-2.05#
bash-2.05# unlog
bash-2.05# kdestroy
bash-2.05#
bash-2.05# kinit admin
Password for admin@JBTEST:
bash-2.05# aklog -d
Authenticating to cell jbtest (server noodle.foo.com).
We've deduced that we need to authenticate to realm JBTEST.
Getting tickets: afs/jbtest@JBTEST
Using Kerberos V5 ticket natively
About to resolve name admin to id in cell jbtest.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 / @ JBTEST
bash-2.05#
bash-2.05# pts members system:administrators
Members of system:administrators (id: -204) are:
admin
bash-2.05#