AW: [OpenAFS] unknown RPC error (-1765328370) while getting AFS
tickets
Jeffrey Altman
jaltman@your-file-system.com
Tue, 27 Mar 2012 19:12:00 -0400
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigB3BF2211EB975684A95C4B18
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 3/27/2012 6:53 PM, Stefan Michael Guenther wrote:
> Hi,
>=20
>> https://lists.openafs.org/pipermail/openafs-info/2011-June/036188.html=
>>
> "In other words, your KDC has support for DES-CBC-CRC turned off."
>=20
> Hm, in my /etc/krb5kdc/kdc.conf the list of enctypes contains des-cbc-c=
rc:
>=20
> supported_enctypes =3D aes256-cts:normal arcfour-hmac:normal de=
s3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:=
onlyrealm des:afs3
>=20
> Shouldn't this be enough?
>=20
> Stefan
No.
MIT Kerberos 1.9.x does not support DES enctypes by default. You must
enable the support via the
[libdefaults]
enable_weak_crypto =3D true
option.
http://web.mit.edu/kerberos/krb5-1.9/krb5-1.9.3/doc/krb5-admin.html#libde=
faults
In addition, you need to have the DES-CBC-CRC enctype specified on the
afs service principal.
Jeffrey Altman
--------------enigB3BF2211EB975684A95C4B18
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJPcklCAAoJENxm1CNJffh4hjUIAJCSJzGSc894vgHjoKbFpQhi
HeMHM7NHsGhokhm+WL8DaTKint8xglBdC2SLoy42ciS0tKJrtX+eEZNTi0wi0lw8
FBEh9QEDX06TQrlNj4atd+yRypqYzPESTXvQahNcKE5HMJH9TLIxty6wf/00X8VA
lMUTG5/eY4AXmnq5ARHh0SfDyf3lfoh+eY8yXafXECVcDNipbalex8bAJKlHAplL
vBwG2Osk8KBd2xtNJIsZssWplXaI8J6S+BGmE8qFfVfM7yT3Ml+Mp/pYxeCWVMKQ
n/i1IM/xtkdzvgqbKjFXIRZl8tUCEfvoUCN+e1u88G1pl/r5EtgeA1BRLtwU5tk=
=OxWC
-----END PGP SIGNATURE-----
--------------enigB3BF2211EB975684A95C4B18--