[OpenAFS] Problem getting AFS tokens on debian...

Simon Wilkinson sxw@staffmail.ed.ac.uk
Mon, 18 Jan 2010 15:22:43 +0000


MIT Kerberos 1.8 disables DES by default. You can re-enable it by =20
setting allow_weak_enctypes on your krb5.conf

S.

Quoting Derrick Brashear <shadow@gmail.com>:

> On Mon, Jan 18, 2010 at 9:37 AM, Jan Pospisil <honik@kma.zcu.cz> wrote:
>> Hello OpenAFS gurus :),pp
>>
>> I am having problems getting AFS tokens probably after one of recent syst=
em
>> upgrade. I am using debian testing on x86_64 with
>> - *krb5* version 1.8+dfsg~alpha1-2
>> - *openafs* version 1.4.11+dfsg-6
>> (in particular m-a build of openafs-modules-2.6.30-2-amd64 version
>> 1.4.11+dfsg-6+2.6.30-8squeeze1)
>> - kernel from linux-image-2.6.30-2-amd64 ver. 2.6.30-8squeeze1
>>
>> The afsd is runnig fine, I can see the AFS tree, I have the proper krb5
>> tickets, but I am not able to get the AFS tokens:
>>
>> honik@aither:~$ klist -e
>> Ticket cache: FILE:/tmp/krb5cc_6141
>> Default principal: honik@ZCU.CZ
>>
>> Valid starting =A0 =A0 Expires =A0 =A0 =A0 =A0 =A0 =A0Service principal
>> 01/18/10 15:21:14 =A001/18/10 23:21:10 =A0krbtgt/ZCU.CZ@ZCU.CZ
>> =A0 =A0 =A0 =A0renew until 02/02/10 15:21:10, Etype (skey, tkt): AES-256 =
CTS mode
>> with 96-bit SHA-1 HMAC, Triple DES cbc mode with HMAC/sha1
>>
>> honik@aither:~$ aklog -d -c zcu.cz
>> Authenticating to cell zcu.cz (server oknos.zcu.cz).
>> Trying to authenticate to user's realm ZCU.CZ.
>> Getting tickets: afs/zcu.cz@ZCU.CZ
>> Kerberos error code returned by get_cred : -1765328184
>> aklog: Couldn't get zcu.cz AFS tickets:
>> aklog: unknown RPC error (-1765328184) while getting AFS tickets
>
> they're just standard krb5 errors.
>
> #define KRB5_CC_NOT_KTYPE                        (-1765328184L)
>
>> honik@aither:~$ klog
>> klog: unknown RPC error (-1765328370) Unable to authenticate to use
>> afs/zcu.cz
>
> #define KRB5KDC_ERR_ETYPE_NOSUPP                 (-1765328370L)
>
> what key type is the AFS key?
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>



--=20
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.