On Fri, May 27, 2011 at 12:13, Jeff Blaine <jblaine@kickflop.net> wrote: > Okay, what did I do wrong? > MIT Kerberos 1.9.1 and OpenAFS 1.4.14 Recent Kerberos (both MIT and heimdal) disables DES by default; recent OpenAFS knows how to defeat this, but for kinit or kvno you'll need to do so in /etc/krb5.conf [libdefaults] allow_weak_crypto = true