[OpenAFS] Re: OpenAFS 1.6.0 with Microsoft Active Directory 2008 - Questions about DES

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 05 Jan 2012 16:51:28 -0500


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig6B906647EADE5CFE35EBA803
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 1/5/2012 3:49 PM, Jeff White wrote:
> Valid starting     Expires            Service principal
> 01/05/12 15:28:51  01/06/12 01:28:54  krbtgt/PITT.EDU@PITT.EDU
>         renew until 01/12/12 15:28:51
> [root@afs-dev-03 ~]# aklog -d
> Authenticating to cell pitt.edu (server afs-dev-03.cssd.pitt.edu).
> Trying to authenticate to user's realm PITT.EDU.
> Getting tickets: afs/pitt.edu@PITT.EDU
> Kerberos error code returned by get_cred : -1765328370
> aklog: Couldn't get pitt.edu AFS tickets:
> aklog: unknown RPC error (-1765328370) while getting AFS tickets

Your error is "KDC has no support for encryption type".  Therefore,
either DES is not configured for the account the SPN
"afs/pitt.edu@PITT.EDU" is mapped to OR DES is still disabled for the
server.



--------------enig6B906647EADE5CFE35EBA803
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJPBhthAAoJENxm1CNJffh4RaUIAODCXmqwPIGFuBFIzoN4zJ04
yYrCjgIiwHL5TLXNp2vDzj8QTBt0cIQSALxVKRDSAoEdcfXm4TK7ecJxuhsTy3OH
IndsGCsXwiE/uR23HW06a3mpDPc+YmrS7MR2k32WNUA0tgNsF3fD1LhvlWy3HLYV
keP1LPEAt00P9Hh4OSldaKkPswMoq8PHu/jjomGhNp19pPAcf08R3OFl5oywLu55
JkC8/jGGHcYwV1UCrbEjLHUrAzomMSzxaWQItV0UqEzXrmkb99QARwnN3GCZwzEm
zNF84EMU7ftaK7Jk2nmz9AFTxtOMqAF752t6EPbbM5X9IXO2yFEql6xg5sgTMaY=
=StF4
-----END PGP SIGNATURE-----

--------------enig6B906647EADE5CFE35EBA803--