[OpenAFS] ADS and MIT Kerberos transition auth continued
Eric Chris Garrison
ecgarris@iupui.edu
Fri, 17 Jul 2009 15:35:36 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Douglas E. Engert wrote:
> Can you run klist -e -t -K -k afstest-md5.keytab
> and verify that the key matches what asetkey has.
Thank you! This led to the solution... It did NOT match, as the key had
been added with bos addkey with the most recent service principal keytab
from the ADS admin, and I deleted and re-added it with asetkey and then it
did match, and now it works for BOTH realms.
Earlier, the ADS admin was automatically generating a key that used HMAC
with des-cbc-crc because it had solved a problem for another admin setting
up NFS, so he thought it was necessary.
Thanks again! This has been a frustrating project. Now to prepare to do
it in production.
Chris
- --
Eric Chris Garrison | Principal Mass Storage Specialist
ecgarris@iupui.edu | Indiana University - Research Storage
W: 317-278-1207 M: 317-250-8649 | Jabber IM: ecgarris@iupui.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFKYNKIG2WsK8XoJWURAg0LAJ9pRyIpttFt+Lbiig5LrvZcVAsRQgCfRWvl
hO4fCbiMWh48dnLhjvQ9CJg=
=sl8k
-----END PGP SIGNATURE-----