[OpenAFS] klog.krb5 incompatible with Heimdal 1.5.1?

Harald Barth haba@kth.se
Thu, 13 Oct 2011 16:34:55 +0200 (CEST)


> Oct 13 15:37:14 remus kdc[771]: AS-REQ ahaupt@IFH.DE from IPv4:141.34.2.11 for afs@IFH.DE
> Oct 13 15:37:14 remus kdc[771]: Client sent patypes: encrypted-timestamp, 149
> Oct 13 15:37:14 remus kdc[771]: Looking for PKINIT pa-data -- ahaupt@IFH.DE
> Oct 13 15:37:14 remus kdc[771]: Looking for ENC-TS pa-data -- ahaupt@IFH.DE
> Oct 13 15:37:14 remus kdc[771]: ENC-TS Pre-authentication succeeded -- ahaupt@IFH.DE using aes256-cts-hmac-sha1-96
> Oct 13 15:37:14 remus kdc[771]: AS-REQ authtime: 2011-10-13T15:37:14 starttime: unset endtime: 2011-10-14T16:37:11 renew till: 2011-11-12T14:37:11
> Oct 13 15:37:14 remus kdc[771]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4, using aes256-cts-hmac-sha1-96/des-cbc-md5
> Oct 13 15:37:14 remus kdc[771]: Requested flags: renewable, forwardable
> Oct 13 15:37:14 remus kdc[771]: sending 679 bytes to IPv4:141.34.2.11

Here we give something back on a AS-REQ and then that's it?


> Oct 13 15:46:14 remus kdc[771]: TGS-REQ ahaupt@IFH.DE from IPv4:141.34.2.11 for afs@IFH.DE [canonicalize, renewable, forwardable]
> Oct 13 15:46:14 remus kdc[771]: TGS-REQ authtime: 2011-10-13T15:46:14 starttime: 2011-10-13T15:46:14 endtime: 2011-10-14T16:46:12 renew till: 2011-11-12T14:46:12
> Oct 13 15:46:14 remus kdc[771]: sending 589 bytes to IPv4:141.34.2.11

Here we get much further and then give something back on a TGS-REQ.

Now we need a comment on what klog.krb5 is supposed to ask for and in what order.

And if someone can summarieze the request types and what they do for
me that would be great ;)

Harald.