[OpenAFS] asetkey complains about keylength.

Mans Nilsson mansaxel@besserwisser.org
Tue, 31 Aug 2010 23:08:26 +0200


--MIdTMoZhcV1D07fI
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Subject: Re: [OpenAFS] asetkey complains about keylength. Date: Tue, Aug 31=
, 2010 at 02:02:52PM -0700 Quoting Russ Allbery (rra@stanford.edu):
> Mans Nilsson <mansaxel@besserwisser.org> writes:
>=20
> > I'm setting up a new cell on Solaris, using self-built 1.4.12.1. My kdc
> > is Heimdal. When trying to create a KeyFile from the ktutil-gotten file,
> > asetkey complains that
>=20
> > Key length should be 8, but is really 1
>=20
> Are you sure that the key you created is DES-only?

Not 100% positive, no. Will check this once I'm in position to reach
the systems at work.
=20
> Also, if you're using Heimdal, you don't need asetkey (or aklog).  Heimdal
> comes with tools that can handle this.  Use the Heimdal kadmin program's
> ext_keytab command to create the keytab and give the filename as:
>=20
>     AFSKEYFILE:/path/to/KeyFile
>=20
> and Heimdal can write out that format directly.

I remember Harald performing such rituals now that you mention it. Thanks.=
=20

> > asetkey and aklog were built after manually adding
> > -I/usr/heimdal/include and -lkrb5 to compilation invocations, since the
> > usual tricks did not work.=20
>=20
> This should be fixed in 1.5.

Good.=20

--=20
M=C3=A5ns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
I want you to organize my PASTRY trays ... my TEA-TINS are gleaming in
formation like a ROW of DRUM MAJORETTES -- please don't be FURIOUS with me =
--

--MIdTMoZhcV1D07fI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (SunOS)

iEYEARECAAYFAkx9b0kACgkQ02/pMZDM1cXI2QCfXPcJn9j/XA/Rf3SiVue8ZsL6
5q4An2E1VfTYIXLW+N1F0oIQs0d7qre5
=B29H
-----END PGP SIGNATURE-----

--MIdTMoZhcV1D07fI--