[OpenAFS] Can't get tokens since upgrading to 1.7.6 and Heimdal

David Goldberg david.goldberg6@verizon.net
Wed, 22 Feb 2012 08:44:31 -0500 

------MYV5X0H0OTH84HCRLGU1A3J9BJLXB6
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 8bit

Earlier this week I upgraded to openafs 1.7.6 and also installed Heimdal (and removed mit kfw) per the recommendation. I added in the allow_weak_crypto line to my krb.conf as well. I am able to get the kerberos ticket but aklog fails, as does the network id manager, to get tokens with the attached error. I've not seen other complaints here or anywhere else google can find so I am assuming something in my configuration is off but I don't know where to look. Any help greatly appreciated.

$ klist
Credentials cache: API:krb5cc-dba86dd0-5979-11e1-9be4-f2320680bc92
Principal: dsg@SUB.MY.ORG

Issued Expires Principal
Feb 20 22:21:22 2012 Feb 24 10:12:56 2012 krbtgt/SUB.MY.ORG@SUB.MY.ORG
$ aklog -d
Authenticating to cell sub.my.org.
Getting v5 tickets: afs/sub.my.org@SUB.MY.ORG
Getting v5 tickets: afs/sub.my.org@MY.ORG
Getting v5 tickets: afs@MY.ORG
Kerberos error code returned by get_cred: -1765328377
aklog.exe: Couldn't get sub.my.org AFS tickets: UNKNOWN_SERVER
$


Thanks
-- 
Dave Goldberg
david.goldberg6@verizon.net
------MYV5X0H0OTH84HCRLGU1A3J9BJLXB6
Content-Type: text/html;
 charset=utf-8
Content-Transfer-Encoding: 8bit

Earlier this week I upgraded to openafs 1.7.6 and also installed Heimdal (and removed mit kfw) per the recommendation. I added in the allow_weak_crypto line to my krb.conf as well. I am able to get the kerberos ticket but aklog fails, as does the network id manager, to get tokens with the attached error. I&#39;ve not seen other complaints here or anywhere else google can find so I am assuming something in my configuration is off but I don&#39;t know where to look. Any help greatly appreciated.<br>
<br>
 $ klist<br>
Credentials cache: API:krb5cc-dba86dd0-5979-11e1-9be4-f2320680bc92<br>
        Principal: dsg@SUB.MY.ORG<br>
<br>
  Issued                Expires               Principal<br>
Feb 20 22:21:22 2012  Feb 24 10:12:56 2012  krbtgt/SUB.MY.ORG@SUB.MY.ORG<br>
$ aklog -d<br>
Authenticating to cell <a href="http://sub.my.org">sub.my.org</a>.<br>
Getting v5 tickets: afs/<a href="http://sub.my.org">sub.my.org</a>@SUB.MY.ORG<br>
Getting v5 tickets: afs/<a href="http://sub.my.org">sub.my.org</a>@MY.ORG<br>
Getting v5 tickets: afs@MY.ORG<br>
Kerberos error code returned by get_cred: -1765328377<br>
aklog.exe: Couldn&#39;t get <a href="http://sub.my.org">sub.my.org</a> AFS tickets: UNKNOWN_SERVER<br>
$<br>
 <br>
<br>
Thanks<br>
-- <br>
Dave Goldberg<br>
david.goldberg6@verizon.net
------MYV5X0H0OTH84HCRLGU1A3J9BJLXB6--