[OpenAFS] klog with sites using fakeka against MIT1.6.2 broken?
Fri, 31 Aug 2007 16:02:52 -0500
We've also found that reverting back to MIT Kerberos 1.4.3 wasn't good
enough. Some principals would start working with klog again after
another password change, but others needed to be deleted and recreated.
Is anyone else using MIT Kerberos 1.6.2 and klog?
Mike Dopheide wrote:
> Number of keys: 5
> Key: vno 30, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
> Key: vno 30, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 30, DES cbc mode with CRC-32, no salt
> Key: vno 30, DES cbc mode with CRC-32, Version 4
> Key: vno 30, DES cbc mode with CRC-32, AFS version 3
> Jeffrey Altman wrote:
>> Matt Elliott wrote:
>>> We just discovered a problem with our KDC now running MIT 1.6.2. When a
>>> user changes their password (previous keys were created with our old kdc
>>> version 1.4.3 still work) with patches and then tries klog it no longer
>>> grants tokens. klog returns "Unable to authenticate to AFS because
>>> password was incorrect." kinit and a subsequent aklog still works. Has
>>> anyone else seen this or have a fix?
>> What keys are you generating in the KDC for principals at password