[OpenAFS] Re: IPA + OpenAFS

Andrew Deason adeason@sinenomine.net
Thu, 12 Jul 2012 14:49:39 -0500


On Thu, 12 Jul 2012 15:39:05 -0400
Qing Chang <qchang@sri.utoronto.ca> wrote:

> I did use asetkey to add the key with thr right vno to KeyFile. But I
> was wrong in assuming that I got a keytab with salt:
> =====
> kadmin.local:   ktadd -e des-cbc-crc:v4 -k /tmp/openafs afs/openafs.sri.utoronto.ca
[...]
> kadmin.local:  getprinc afs/openafs.sri.utoronto.ca
[...]
> Key: vno 20, des-cbc-crc, no salt
> 
> I am asking a solution on FreeIPA list to create a keytab with salt
> for cbc, in the mean time, does anyone know definitively if the keytab
> has to phave salt?

No, that's fine. iirc, that's what a v4 salt is: no salt. What exactly
did you run when you ran asetkey? Check:

asetkey list
bos listkeys <server> -local

To see if they list a key with kvno 20. Do not send the output of those
commands to the list, just say which kvnos are listed.

-- 
Andrew Deason
adeason@sinenomine.net