[OpenAFS] kaserver.DB0 converted, no success authenticating
Kevin Coffman
kwc@citi.umich.edu
Mon, 29 Oct 2007 13:39:28 -0400
On 10/29/07, Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
> >Oct 29 12:58:13 silmaril krb5kdc[13245](info): AS_REQ (7 etypes {18 17
> >16 23 1 3 2}) xxx.xx.11.213: DECRYPT_CLIENT_KEY: jblaine@RCF.FOO.COM for
> >krbtgt/RCF.FOO.COM@RCF.FOO.COM, Decrypt integrity check failed
>
> One little thing I always forget about afs2k5db .... it currently only
> works if your master key is single-DES (in theory this isn't hard to fix,
> but see previous comments about time, interest, etc etc). Judging by
> this error, the client keys are not encrypted properly in the database.
> I am guessing that your K/M principal is something other than single-DES.
Could changing realm names be another possibility? Jeff, are you
using the same realm name in your KDC as in the kaserver?