[OpenAFS] issue with OSx Lion

Derrick Brashear shadow@gmail.com
Tue, 2 Aug 2011 10:49:48 -0400


On Tue, Aug 2, 2011 at 10:36 AM, Simon Wilkinson <sxw@inf.ed.ac.uk> wrote:
> On 2 Aug 2011, at 15:09, Derrick Brashear <shadow@gmail.com> wrote:
>
>> #define KRB5_PROG_ETYPE_NOSUPP =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 (-176=
5328234L)
>>
>> set the
>> allow_weak_crypto =3D yes
>> option in /Library/Preferences/edu.mit.Kerberos
>
> Firstly, I thought that the 1.6 aklog converted both Kerberos and AFS err=
ors into text. Secondly, aklog should be telling Kerberos to allow the use =
of single DES enctypes, without requiring allow_weak_crypto. Is this all br=
oken by Lion, or do you have an old aklog binary in your path?
>

That would presume the APIs needed to do both those things worked.
[scully:openafs/src/aklog] shadow% nm
/System//Library/Frameworks/Kerberos.framework/Kerberos|egrep -i
'krb5_enctype_enable|krb5_allow_weak_crypto'
[scully:openafs/src/aklog] shadow%

So, you can't have that.

The error_table call should be supported but I haven't looked yet to
see why it fails. It's not a dummy call in MITKerberosShim.


--=20
Derrick