[OpenAFS] unknown RPC error (-1765328370) while getting AFS tickets

Stefan Michael Guenther s.guenther@in-put.de
Tue, 27 Mar 2012 09:45:54 +0200


------=_Part_1604_18018537.1332834355134
Subject: unknown RPC error (-1765328370) while getting AFS tickets
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello,

I'm currently trying to setup OpenAFS 1.6.0-1 together with MIT Kerberos 1.9.1 on an Ubuntu System.

All necessary processes are running but something seems to be wrong with my Kerberos configuration:

intranet:/var/log# kinit admin
Password for admin@IN-PUT.DE:=20

intranet:/var/log# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@IN-PUT.DE

Valid starting     Expires            Service principal
03/27/12 09:13:32  03/27/12 19:13:32  krbtgt/IN-PUT.DE@IN-PUT.DE
=09renew until 03/28/12 09:13:29


intranet:/var/log# aklog -d
Authenticating to cell IN-PUT.DE (server intranet.in-put.de).
Trying to authenticate to user's realm IN-PUT.DE.
Getting tickets: afs/IN-PUT.DE@IN-PUT.DE
We've deduced that we need to authenticate to realm IN-PUT.DE.
Getting tickets: afs/IN-PUT.DE@IN-PUT.DE
Getting tickets: afs/IN-PUT.DE@IN-PUT.DE
Getting tickets: afs@IN-PUT.DE
Kerberos error code returned by get_cred : -1765328370
aklog: Couldn't get IN-PUT.DE AFS tickets:
aklog: unknown RPC error (-1765328370) while getting AFS tickets


According to a number of postings the error is related to ticket encryption, but I guess I have the right settings in the Kerberos config files:

/etc/krb5.conf
-------------------

[libdefaults]
=09default_realm =3D IN-PUT.DE
=09krb4_config =3D /etc/krb.conf
=09krb4_realms =3D /etc/krb.realms
=09kdc_timesync =3D 1
=09ccache_type =3D 4
=09forwardable =3D true
=09proxiable =3D true
=09fcc-mit-ticketflags =3D true

[realms]
=09IN-PUT.DE =3D {
=09=09kdc =3D intranet.in-put.de=20
=09=09admin_server =3D intranet.in-put.de
=09}

[domain_realm]
=09.in-put.de =3D IN-PUT.DE
=09in-put.de =3D IN-PUT.DE

[login]
=09krb4_convert =3D true
=09krb4_get_tickets =3D false

/etc/krb5kdc/kdc.conf=20
------------------------------

[kdcdefaults]
    kdc_ports =3D 750,88

[realms]
    IN-PUT.DE =3D {
        database_name =3D /var/lib/krb5kdc/principal
        admin_keytab =3D FILE:/etc/krb5kdc/kadm5.keytab
        acl_file =3D /etc/krb5kdc/kadm5.acl
        key_stash_file =3D /etc/krb5kdc/stash
        kdc_ports =3D 750,88
        max_life =3D 10h 0m 0s
        max_renewable_life =3D 7d 0h 0m 0s
        master_key_type =3D des3-hmac-sha1
=09supported_enctypes =3D #supported_enctypes =3D aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
        default_principal_flags =3D +preauth
    }

Thanks for any hints or suggestions,

Stefan

------=_Part_1604_18018537.1332834355134
Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIAwggP6MIIC
4qADAgECAhABMT7oG0zXVZFanLKqoitQMA0GCSqGSIb3DQEBBQUAMD0xGTAXBgNVBAMMEHphcmFm
YS5pbi1wdXQuZGUxIDAeBgkqhkiG9w0BCQEWEWtvbnRha3RAaW4tcHV0LmRlMB4XDTExMDcxNzIw
MjAyNFoXDTE2MDcxNjIwMjAyNFowUTEqMCgGA1UEAwwhaW4tcHV0IEdiUiAtIERhcyBMaW51eC1T
eXN0ZW1oYXVzMSMwIQYJKoZIhvcNAQkBFhRzLmd1ZW50aGVyQGluLXB1dC5kZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAIoX8pc75fnlQSvSLGcOEo8Pt9+s2zqoXpLLOWP6oC2CV/cs
bbAXs9aooCLtzmF2/Wyz7Hi7c1mPscBrGNAGLu3BgawIWXKOn536lKwE/rFQroy2S8TI26gsNUZQ
q403bfr/HtIExxmtcC/3EBYHA4by0BKzRcQ/psGgdB2cF8XmQq/ipnMeWKxbE6GpcCmMgjJ7gZG4
1vHVN5MnWPLbY1CJRDEBJ7/RkkH1ENyxZrDtP+GRKdI+hfPNxavE+lsdcP0W+F8UDvEYsct9E1kY
wbFbhFpN7PpX5was/pZPenm1zQaBVL6GLIBjRl4TW4cJQQ7PyYs2mbDgNRRdi142Jo8CAwEAAaOB
4TCB3jAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB8GA1Ud
EQQYMBaBFHMuZ3VlbnRoZXJAaW4tcHV0LmRlMB0GA1UdDgQWBBTm82VPfpqwUUCjWKrRKUoidG56
mTBtBgNVHSMEZjBkgBTY+cvrCj5GxWmnRswmXAVX65lEAaE6pDgwNjESMBAGA1UEAwwJaW4tcHV0
LmRlMSAwHgYJKoZIhvcNAQkBFhFrb250YWt0QGluLXB1dC5kZYIQATE+50zQzCYKvKydBpV5ZTAN
BgkqhkiG9w0BAQUFAAOCAQEAJFbiQGlAmr9ALoDXUgznLtfLOT0TP7WVkvAjSn5mjDGhQnpgzaEe
Io+EyZYyZ6u6zXIoVF2L2C5hW3nAZX/FKftFWt40Inxd1XsQv9L/XCofAttyRkpXwBBz1GHQjWCi
OfzDkk0/DPKgnVQCNUsEtcAQLwxUihSLzc35SwuT5kAPqCBsUzzLydzdtjualMIf0F/i/RD8dlXC
vXw/gGOlkxOEJzxTQl5hEhM0EO5PEG9vOqxgC34WUEZzAUPE9+dk0lDIDMAmY+YlfM7HdtjUxs2m
GEL3/ydYAUkenfyK01Kg8KaX4vB17SehSS6I/WM+ccNIGRsfdJE4sj2So/2vYTCCA9IwggK6oAMC
AQICEAExPudM0MwmCrysnQaVeWUwDQYJKoZIhvcNAQEFBQAwNjESMBAGA1UEAwwJaW4tcHV0LmRl
MSAwHgYJKoZIhvcNAQkBFhFrb250YWt0QGluLXB1dC5kZTAeFw0xMTA3MTcyMDE5MzFaFw0xNjA3
MTYyMDE5MzFaMD0xGTAXBgNVBAMMEHphcmFmYS5pbi1wdXQuZGUxIDAeBgkqhkiG9w0BCQEWEWtv
bnRha3RAaW4tcHV0LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0NiLbVnRL10
KyMDuzmcu5Y2/J9WkSOzD+hCLwMuUGWaufOjz02h3H/qPW68p/umagMcnKLnY9v3B63WTZheydnG
T5D8fbUBHuEGEr6CgScBuIgBKYUk/Z+Rs/pwtYh9JBOLbS7N71WouTdDfkAdHXtH3kF1aWR/gFQ7
scoOY9cUFSWuVIxidyA3IpyFJei/QifP+IHZCSouM5fPmhkLNrJ2VmpSImsFu7G+mLRHxO4MxTHs
xXi3kP/9rNRujAj7T39TtzISeFlMW9CTOg5+T48dv1Gjj6K911n9XrKHuWcLz//ye1Kp483eton3
thiqjxcJgXGu322HOyu/5KXAXQIDAQABo4HUMIHRMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0P
AQH/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU2PnL6wo+
RsVpp0bMJlwFV+uZRAEwbQYDVR0jBGYwZIAUpSx53TllpdJIaOFIZvCnqozbAGahOqQ4MDYxEjAQ
BgNVBAMMCWluLXB1dC5kZTEgMB4GCSqGSIb3DQEJARYRa29udGFrdEBpbi1wdXQuZGWCEAExPudM
slJQzz0F6WRzmaswDQYJKoZIhvcNAQEFBQADggEBAKQsbsSJnGCtVKwlwY1V2te1lbM7giMmvqej
sdHjBfdhw8qAaOh7ZAUrJOpkdxSASum4RRW41qIY1r3/cZpbz0B9Re8X4afOmiat3mxHw7t2/H/C
y+55iM8G9VxQE2T7WJRcVqFI9+73SbufYo0+M6WKst4FnBPgpn72vtwGI0zPkWUCcFm9OfAtMsB2
SiLWaWAY08kbY8eN57oE5wCAHq6o2Tr+o0UXaYCF8svTTwFYmQneJY/g4BwALhYmhR0RmdEjENsc
KFOEiBBBKfCunHyl2lhlnv/o5z4z1sfTNdfqQgjfK6HuxtS1nihsmyCYL+jZiA2sSjSvyqIlJgqW
rcQwggNaMIICQqADAgECAhABMT7nTLJSUM89Belkc5mrMA0GCSqGSIb3DQEBBQUAMDYxEjAQBgNV
BAMMCWluLXB1dC5kZTEgMB4GCSqGSIb3DQEJARYRa29udGFrdEBpbi1wdXQuZGUwHhcNMTEwNzE3
MjAxOTMxWhcNMjEwNzE1MjAxOTMxWjA2MRIwEAYDVQQDDAlpbi1wdXQuZGUxIDAeBgkqhkiG9w0B
CQEWEWtvbnRha3RAaW4tcHV0LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp94r
YX6muKk3O6YZdDEuVFevzXFJ8KKmdCtKXQahQLrSNx/Gmal5/ilUgqD7GX+HysoyXwkf0GTUkbTN
zFCMXJ59LfbG52W8iz10rAKbbzbr9ttaVwOadxHp94x8E7jokJJfnaseF+3/caNtY5WAU3JNZDor
/2hNpMEM4ZkrMlgYvP6WJsCg2deseyeKVJI1t45GzVWq5tgerxx+HkPHLr1FiNO/qmXTaF4spTYB
zNNmLga/5rm/dfLlVabzPYcQP8sW7FcYt3MmI5h1ZvsKb9/fdhTCZSEFbK+h/eJARrfA7SWD5SzB
o1UaTNUPR8C5cJ4il263u9DoMx0rbEh86QIDAQABo2QwYjASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
A1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFKUs
ed05ZaXSSGjhSGbwp6qM2wBmMA0GCSqGSIb3DQEBBQUAA4IBAQCkrE/V5+cb8THZHHNwetbcsU22
JZu0S8aMOwFhnc7XBkiMpFgckd9qttmNlHl4vCfUTaoCw20HjBNWLGx9FPMPtgZqGbv05PU5FrVu
skP/Wx2w69GmEgze1f9PEEIKwH0RP+90wdAkwRSB6F8N8h6VkQDQ9KCYmSeqwhA4jEFYOgTuZB+o
1P7V45mYO8hbqlXr8Eyvz8ALFcH540Uexrkr9BpXXJIlUOy28CC4lwAwdQTyiuDS4ne4t33qILjm
gxrIw+uQoSGiuYjz/BczckMlD+me9CrSHbFewR9xmL6r7rg+4dBZEmhTTy6x8WyWUrS0zOiMvVMR
YxvVXEUs8rURAAAxggJ5MIICdQIBATBRMD0xGTAXBgNVBAMMEHphcmFmYS5pbi1wdXQuZGUxIDAe
BgkqhkiG9w0BCQEWEWtvbnRha3RAaW4tcHV0LmRlAhABMT7oG0zXVZFanLKqoitQMAkGBSsOAwIa
BQCggf4wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIwMzI3MDc0
NTU1WjAjBgkqhkiG9w0BCQQxFgQUuoWIg+Ick8MA1iOCBoA08dQHmjMwgZ4GCSqGSIb3DQEJDzGB
kDCBjTALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAO
BggqhkiG9w0DAgICAIAwDwYJKoZIhvZ9B0IKAgIAgDANBgsqgwiMmks9AQEBBDANBgsqgwiMmks9
AQEBAzANBgsqgwiMmks9AQEBAjAKBggqgxqMmkQBBDANBgkqhkiG9w0BAQEFAASCAQAVp1XECac4
s3AMV9E9K4kogyxcMpJtX9mszhmus7Wb3fT/oFR3TdfGupkHYYW6g2l07tx1cYTSn0Vhg8nZZ/IR
Yh/omMJJFo7O/RM5PRLNABOH9QxAW5vMUUZhJUdjJ9gwtWC+XdlRQ/KNizoTw4myYvI5BFClzjNl
xUOyOZLcpwmKOV3Jl4tIxoQSmCtNbwCE7ljPrvLdtOCNx4EVsecI6YmPZo/tHxtpw3jueW9RavhO
EQAAawB0YXnEYqoU0J/dxKi9bJTdPcFH8sNRAVQYK+eWVJeX9L39w+y0r8Zyh5i5O/hij4RgX/Av
4lY5MLOBI1vOMdJjgPwYrbjETPCfAAAAAAAA
------=_Part_1604_18018537.1332834355134--