[OpenAFS] kaserver.DB0 converted, no success authenticating

Jeff Blaine jblaine@kickflop.net
Mon, 29 Oct 2007 13:09:26 -0400

Again, pardon the Kerberos/OpenAFS dual nature of this request.
I am posting here because it certainly seems related to the
conversion and I'd eventually like to document every hurdle
of this ping-pong bout.

I dumped kaserver.DB0, removed the AuthServer, afs, and
krbtgt principals at the top of the file, and loaded it
into my KDC.

I confirmed the new principals' existence via listprincs.

I am no longer able to authenticate as jblaine:

kadmin.local:  getprinc jblaine
Principal: jblaine@RCF.FOO.COM
Expiration date: Wed Dec 30 19:00:00 EST 2037
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 14 days 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Oct 29 12:37:53 EDT 2007 (jblaine@RCF.FOO.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 5, DES cbc mode with CRC-32, AFS version 3
Policy: [none]

jblaine% /usr/kerberos/bin/kinit
kinit(v5): Password incorrect while getting initial credentials

Oct 29 12:58:13 silmaril krb5kdc[13245](info): AS_REQ (7 etypes {18 17
16 23 1 3 2}) xxx.xx.11.213: DECRYPT_CLIENT_KEY: jblaine@RCF.FOO.COM for
krbtgt/RCF.FOO.COM@RCF.FOO.COM, Decrypt integrity check failed