[OpenAFS] klog with sites using fakeka against MIT1.6.2 broken?

Mike Dopheide dopheide@ncsa.uiuc.edu
Thu, 23 Aug 2007 16:54:51 -0500


Number of keys: 5
Key: vno 30, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 30, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 30, DES cbc mode with CRC-32, no salt
Key: vno 30, DES cbc mode with CRC-32, Version 4
Key: vno 30, DES cbc mode with CRC-32, AFS version 3

-Mike

Jeffrey Altman wrote:
> Matt Elliott wrote:
>> We just discovered a problem with our KDC now running MIT 1.6.2.  When a
>> user changes their password (previous keys were created with our old kdc
>> version 1.4.3 still work) with patches and then tries klog it  longer
>> grants tokens. klog returns "Unable to authenticate to AFS because
>> password was incorrect."  kinit and a subsequent aklog still works.  Has
>> anyone else seen this or have a fix?
> 
> What keys are you generating in the KDC for principals at password changes?
>