[OpenAFS] kaserver.DB0 converted, no success authenticating

Kevin Coffman kwc@citi.umich.edu
Mon, 29 Oct 2007 13:39:28 -0400

On 10/29/07, Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
> >Oct 29 12:58:13 silmaril krb5kdc[13245](info): AS_REQ (7 etypes {18 17
> >16 23 1 3 2}) xxx.xx.11.213: DECRYPT_CLIENT_KEY: jblaine@RCF.FOO.COM for
> >krbtgt/RCF.FOO.COM@RCF.FOO.COM, Decrypt integrity check failed
> One little thing I always forget about afs2k5db .... it currently only
> works if your master key is single-DES (in theory this isn't hard to fix,
> but see previous comments about time, interest, etc etc).  Judging by
> this error, the client keys are not encrypted properly in the database.
> I am guessing that your K/M principal is something other than single-DES.

Could changing realm names be another possibility?  Jeff, are you
using the same realm name in your KDC as in the kaserver?