AW: [OpenAFS] unknown RPC error (-1765328370) while getting AFS
tickets
Stefan Michael Guenther
s.guenther@in-put.de
Wed, 28 Mar 2012 00:48:43 +0200
------=_Part_1740_24191212.1332888524802
Subject: AW: [OpenAFS] unknown RPC error (-1765328370) while getting AFS
tickets
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi,
> specifically, your /etc/krb5.conf should have allow_weak_crypto =3D true
> in the [libdefaults] section.
>=20
unfortunately this didn't change anything, still the same problem.
Stefan
> i tried to add this info to the afslore wiki but it didnt seem to take.
>=20
> On Tue, 27 Mar 2012 07:49:53 -0400
> Derrick Brashear <shadow@gmail.com> wrote:
>=20
> > https://lists.openafs.org/pipermail/openafs-info/2011-June/036188.html
> >=20
> > On Tue, Mar 27, 2012 at 3:45 AM, Stefan Michael Guenther
> > <s.guenther@in-put.de> wrote:
> > > Hello,
> > >
> > > I'm currently trying to setup OpenAFS 1.6.0-1 together with MIT Kerberos=20
> 1.9.1 on an Ubuntu System.
> > >
> > > All necessary processes are running but something seems to be wrong with my=20
> Kerberos configuration:
> > >
> > > intranet:/var/log# kinit admin
> > > Password for admin@IN-PUT.DE:
> > >
> > > intranet:/var/log# klist
> > > Ticket cache: FILE:/tmp/krb5cc_0
> > > Default principal: admin@IN-PUT.DE
> > >
> > > Valid starting =C2=A0 =C2=A0 Expires =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Service principal
> > > 03/27/12 09:13:32 =C2=A003/27/12 19:13:32 =C2=A0krbtgt/IN-PUT.DE@IN-PUT.DE
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0renew until 03/28/12 09:13:29
> > >
> > >
> > > intranet:/var/log# aklog -d
> > > Authenticating to cell IN-PUT.DE (server intranet.in-put.de).
> > > Trying to authenticate to user's realm IN-PUT.DE.
> > > Getting tickets: afs/IN-PUT.DE@IN-PUT.DE
> > > We've deduced that we need to authenticate to realm IN-PUT.DE.
> > > Getting tickets: afs/IN-PUT.DE@IN-PUT.DE
> > > Getting tickets: afs/IN-PUT.DE@IN-PUT.DE
> > > Getting tickets: afs@IN-PUT.DE
> > > Kerberos error code returned by get_cred : -1765328370
> > > aklog: Couldn't get IN-PUT.DE AFS tickets:
> > > aklog: unknown RPC error (-1765328370) while getting AFS tickets
> > >
> > >
> > > According to a number of postings the error is related to ticket=20
> encryption, but I guess I have the right settings in the Kerberos config files:
> > >
> > > /etc/krb5.conf
> > > -------------------
> > >
> > > [libdefaults]
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0default_realm =3D IN-PUT.DE
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0krb4_config =3D /etc/krb.conf
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0krb4_realms =3D /etc/krb.realms
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0kdc_timesync =3D 1
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0ccache_type =3D 4
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0forwardable =3D true
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0proxiable =3D true
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0fcc-mit-ticketflags =3D true
> > >
> > > [realms]
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0IN-PUT.DE =3D {
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0kdc =3D intranet.in-put.de
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0admin_server =3D intranet.in-put.de
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0}
> > >
> > > [domain_realm]
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0.in-put.de =3D IN-PUT.DE
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0in-put.de =3D IN-PUT.DE
> > >
> > > [login]
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0krb4_convert =3D true
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0krb4_get_tickets =3D false
> > >
> > > /etc/krb5kdc/kdc.conf
> > > ------------------------------
> > >
> > > [kdcdefaults]
> > > =C2=A0 =C2=A0kdc_ports =3D 750,88
> > >
> > > [realms]
> > > =C2=A0 =C2=A0IN-PUT.DE =3D {
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0database_name =3D /var/lib/krb5kdc/principal
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0admin_keytab =3D FILE:/etc/krb5kdc/kadm5.keytab
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0acl_file =3D /etc/krb5kdc/kadm5.acl
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0key_stash_file =3D /etc/krb5kdc/stash
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0kdc_ports =3D 750,88
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0max_life =3D 10h 0m 0s
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0max_renewable_life =3D 7d 0h 0m 0s
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0master_key_type =3D des3-hmac-sha1
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0supported_enctypes =3D #supported_enctypes =3D aes256-cts:normal=20
> arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4=20
> des:norealm des:onlyrealm des:afs3
> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0default_principal_flags =3D +preauth
> > > =C2=A0 =C2=A0}
> > >
> > > Thanks for any hints or suggestions,
> > >
> > > Stefan
> >=20
> >=20
> >=20
>=20
>=20
>
------=_Part_1740_24191212.1332888524802
Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIAwggP6MIIC
4qADAgECAhABMT7oG0zXVZFanLKqoitQMA0GCSqGSIb3DQEBBQUAMD0xGTAXBgNVBAMMEHphcmFm
YS5pbi1wdXQuZGUxIDAeBgkqhkiG9w0BCQEWEWtvbnRha3RAaW4tcHV0LmRlMB4XDTExMDcxNzIw
MjAyNFoXDTE2MDcxNjIwMjAyNFowUTEqMCgGA1UEAwwhaW4tcHV0IEdiUiAtIERhcyBMaW51eC1T
eXN0ZW1oYXVzMSMwIQYJKoZIhvcNAQkBFhRzLmd1ZW50aGVyQGluLXB1dC5kZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAIoX8pc75fnlQSvSLGcOEo8Pt9+s2zqoXpLLOWP6oC2CV/cs
bbAXs9aooCLtzmF2/Wyz7Hi7c1mPscBrGNAGLu3BgawIWXKOn536lKwE/rFQroy2S8TI26gsNUZQ
q403bfr/HtIExxmtcC/3EBYHA4by0BKzRcQ/psGgdB2cF8XmQq/ipnMeWKxbE6GpcCmMgjJ7gZG4
1vHVN5MnWPLbY1CJRDEBJ7/RkkH1ENyxZrDtP+GRKdI+hfPNxavE+lsdcP0W+F8UDvEYsct9E1kY
wbFbhFpN7PpX5was/pZPenm1zQaBVL6GLIBjRl4TW4cJQQ7PyYs2mbDgNRRdi142Jo8CAwEAAaOB
4TCB3jAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB8GA1Ud
EQQYMBaBFHMuZ3VlbnRoZXJAaW4tcHV0LmRlMB0GA1UdDgQWBBTm82VPfpqwUUCjWKrRKUoidG56
mTBtBgNVHSMEZjBkgBTY+cvrCj5GxWmnRswmXAVX65lEAaE6pDgwNjESMBAGA1UEAwwJaW4tcHV0
LmRlMSAwHgYJKoZIhvcNAQkBFhFrb250YWt0QGluLXB1dC5kZYIQATE+50zQzCYKvKydBpV5ZTAN
BgkqhkiG9w0BAQUFAAOCAQEAJFbiQGlAmr9ALoDXUgznLtfLOT0TP7WVkvAjSn5mjDGhQnpgzaEe
Io+EyZYyZ6u6zXIoVF2L2C5hW3nAZX/FKftFWt40Inxd1XsQv9L/XCofAttyRkpXwBBz1GHQjWCi
OfzDkk0/DPKgnVQCNUsEtcAQLwxUihSLzc35SwuT5kAPqCBsUzzLydzdtjualMIf0F/i/RD8dlXC
vXw/gGOlkxOEJzxTQl5hEhM0EO5PEG9vOqxgC34WUEZzAUPE9+dk0lDIDMAmY+YlfM7HdtjUxs2m
GEL3/ydYAUkenfyK01Kg8KaX4vB17SehSS6I/WM+ccNIGRsfdJE4sj2So/2vYTCCA9IwggK6oAMC
AQICEAExPudM0MwmCrysnQaVeWUwDQYJKoZIhvcNAQEFBQAwNjESMBAGA1UEAwwJaW4tcHV0LmRl
MSAwHgYJKoZIhvcNAQkBFhFrb250YWt0QGluLXB1dC5kZTAeFw0xMTA3MTcyMDE5MzFaFw0xNjA3
MTYyMDE5MzFaMD0xGTAXBgNVBAMMEHphcmFmYS5pbi1wdXQuZGUxIDAeBgkqhkiG9w0BCQEWEWtv
bnRha3RAaW4tcHV0LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0NiLbVnRL10
KyMDuzmcu5Y2/J9WkSOzD+hCLwMuUGWaufOjz02h3H/qPW68p/umagMcnKLnY9v3B63WTZheydnG
T5D8fbUBHuEGEr6CgScBuIgBKYUk/Z+Rs/pwtYh9JBOLbS7N71WouTdDfkAdHXtH3kF1aWR/gFQ7
scoOY9cUFSWuVIxidyA3IpyFJei/QifP+IHZCSouM5fPmhkLNrJ2VmpSImsFu7G+mLRHxO4MxTHs
xXi3kP/9rNRujAj7T39TtzISeFlMW9CTOg5+T48dv1Gjj6K911n9XrKHuWcLz//ye1Kp483eton3
thiqjxcJgXGu322HOyu/5KXAXQIDAQABo4HUMIHRMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0P
AQH/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU2PnL6wo+
RsVpp0bMJlwFV+uZRAEwbQYDVR0jBGYwZIAUpSx53TllpdJIaOFIZvCnqozbAGahOqQ4MDYxEjAQ
BgNVBAMMCWluLXB1dC5kZTEgMB4GCSqGSIb3DQEJARYRa29udGFrdEBpbi1wdXQuZGWCEAExPudM
slJQzz0F6WRzmaswDQYJKoZIhvcNAQEFBQADggEBAKQsbsSJnGCtVKwlwY1V2te1lbM7giMmvqej
sdHjBfdhw8qAaOh7ZAUrJOpkdxSASum4RRW41qIY1r3/cZpbz0B9Re8X4afOmiat3mxHw7t2/H/C
y+55iM8G9VxQE2T7WJRcVqFI9+73SbufYo0+M6WKst4FnBPgpn72vtwGI0zPkWUCcFm9OfAtMsB2
SiLWaWAY08kbY8eN57oE5wCAHq6o2Tr+o0UXaYCF8svTTwFYmQneJY/g4BwALhYmhR0RmdEjENsc
KFOEiBBBKfCunHyl2lhlnv/o5z4z1sfTNdfqQgjfK6HuxtS1nihsmyCYL+jZiA2sSjSvyqIlJgqW
rcQwggNaMIICQqADAgECAhABMT7nTLJSUM89Belkc5mrMA0GCSqGSIb3DQEBBQUAMDYxEjAQBgNV
BAMMCWluLXB1dC5kZTEgMB4GCSqGSIb3DQEJARYRa29udGFrdEBpbi1wdXQuZGUwHhcNMTEwNzE3
MjAxOTMxWhcNMjEwNzE1MjAxOTMxWjA2MRIwEAYDVQQDDAlpbi1wdXQuZGUxIDAeBgkqhkiG9w0B
CQEWEWtvbnRha3RAaW4tcHV0LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp94r
YX6muKk3O6YZdDEuVFevzXFJ8KKmdCtKXQahQLrSNx/Gmal5/ilUgqD7GX+HysoyXwkf0GTUkbTN
zFCMXJ59LfbG52W8iz10rAKbbzbr9ttaVwOadxHp94x8E7jokJJfnaseF+3/caNtY5WAU3JNZDor
/2hNpMEM4ZkrMlgYvP6WJsCg2deseyeKVJI1t45GzVWq5tgerxx+HkPHLr1FiNO/qmXTaF4spTYB
zNNmLga/5rm/dfLlVabzPYcQP8sW7FcYt3MmI5h1ZvsKb9/fdhTCZSEFbK+h/eJARrfA7SWD5SzB
o1UaTNUPR8C5cJ4il263u9DoMx0rbEh86QIDAQABo2QwYjASBgNVHRMBAf8ECDAGAQH/AgEBMA4G
A1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFKUs
ed05ZaXSSGjhSGbwp6qM2wBmMA0GCSqGSIb3DQEBBQUAA4IBAQCkrE/V5+cb8THZHHNwetbcsU22
JZu0S8aMOwFhnc7XBkiMpFgckd9qttmNlHl4vCfUTaoCw20HjBNWLGx9FPMPtgZqGbv05PU5FrVu
skP/Wx2w69GmEgze1f9PEEIKwH0RP+90wdAkwRSB6F8N8h6VkQDQ9KCYmSeqwhA4jEFYOgTuZB+o
1P7V45mYO8hbqlXr8Eyvz8ALFcH540Uexrkr9BpXXJIlUOy28CC4lwAwdQTyiuDS4ne4t33qILjm
gxrIw+uQoSGiuYjz/BczckMlD+me9CrSHbFewR9xmL6r7rg+4dBZEmhTTy6x8WyWUrS0zOiMvVMR
YxvVXEUs8rURAAAxggJ5MIICdQIBATBRMD0xGTAXBgNVBAMMEHphcmFmYS5pbi1wdXQuZGUxIDAe
BgkqhkiG9w0BCQEWEWtvbnRha3RAaW4tcHV0LmRlAhABMT7oG0zXVZFanLKqoitQMAkGBSsOAwIa
BQCggf4wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIwMzI3MjI0
ODQ0WjAjBgkqhkiG9w0BCQQxFgQUmAWyp46r14mZgKB2hd1nrYMo7ugwgZ4GCSqGSIb3DQEJDzGB
kDCBjTALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAO
BggqhkiG9w0DAgICAIAwDwYJKoZIhvZ9B0IKAgIAgDANBgsqgwiMmks9AQEBBDANBgsqgwiMmks9
AQEBAzANBgsqgwiMmks9AQEBAjAKBggqgxqMmkQBBDANBgkqhkiG9w0BAQEFAASCAQAsee7u75Zj
uo/pDPuyxb8lYXjJFMzRwPyUgpq7RmI5wxS+n/27jRmB+I4AOUlnffFftDq5EMcdaiZfnFQmlmrS
Bo70XMa5kST9cslmnad27D8IS2srfYCXk+Ua+kj48LgzrLQnLV4d6OLWDWHgB6xQF74pFNwsCo91
VunRN7xebzZ6EKa/vCC/XaFQ3xfFpR1naeQyf7TTIlNWMrVr7rUkQvyQ6elY6Q4j7tck/UMshMCa
Bz+DoUevudRcIcC3AVryRBea8RgDWvG6UPODqj9KmlKnTWTDBG6B2klM4sMV0makkjLv0CeVOxYg
4qRZ/xieq52CFrPApWRCqAoqUZwWAAAAAAAA
------=_Part_1740_24191212.1332888524802--