[OpenAFS] klog with sites using fakeka against MIT1.6.2 broken?

Russ Allbery rra@stanford.edu
Thu, 23 Aug 2007 14:29:55 -0700

Matt Elliott <melliott@ncsa.uiuc.edu> writes:

> We just discovered a problem with our KDC now running MIT 1.6.2.  When a
> user changes their password (previous keys were created with our old kdc
> version 1.4.3 still work) with patches and then tries klog it longer
> grants tokens. klog returns "Unable to authenticate to AFS because
> password was incorrect."  kinit and a subsequent aklog still works.  Has
> anyone else seen this or have a fix?

I suspect referrals broke something, mostly because almost everything that
breaks after upgrading to 1.6.2 is because of referrals.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>