[OpenAFS] Kerberos5 and afs

Steve Devine sdevine@msu.edu
Thu, 15 Nov 2007 16:45:41 -0500

Forgive the slightly off topic post but I think it applies here as well 
on the kerberos list
Several years ago we moved to MIT kerberos 5. At the time I set the 
master key in the  kdc.conf  to:
master_key_type = des-cbc-crc
I did this to allow transfer of principals from our old kaserver to the 
new kdc.
Now we are trying to get Windows 2003 AD to auth against our Kerberos 
server and it seems that it will not work with our kdc as it is configured.
My question is am I screwed here or just missing something easy?  I have 
tried multiple allowed enctypes and still no luck.
If I build a kdc without specifying a master key it seems to work.
Have any others done this same thing?

Steve Devine
Network Storage & Printing
Academic Computing & Network Services
Michigan State University

506 Computer Center
East Lansing, MI 48824-1042

Baseball is ninety percent mental; the other half is physical.
- Yogi Berra