[OpenAFS] Active Directory 2003, kerberos 5, openAFS - rxkad error=19270407, arghhhh

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 10 Jan 2007 12:51:40 -0500


DES-CBC-CRC and DES-CBC-MD5 use the same DES key and
DES-CBC-MD5 is supported by OpenAFS 1.4.x.

That is not your problem.

There are many reasons a bad ticket error can be produced.
One is that the stored key doesn't match the one used to
encrypt the server portion of the service ticket.  The
problem could be the salt used when generating the key from
the password.

Look back in this thread for e-mails from Doug describing
how to check the salt and from Marcus on how to test that
your key is valid.


John W. Sopko Jr. wrote:
> I think the problem is the afs/cs.unc.edu service key
> is the wrong encryption type even though I checked the
> "Use DES encryption type for this account" in the gui.
> It is using DES but with RSA-MD5 as shown in kinit -e.