[OpenAFS] KdcUseReqEtype changed another problem occured...
Lars Schimmer
l.schimmer@cgv.tugraz.at
Sat, 27 Jul 2013 13:53:37 +0200
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ADkhekmMeAhf4NKrVkxRNaKs4XINgO5hU
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 27.07.2013 10:51, Lars Schimmer wrote:
> On 2013-07-26 22:30, Andrew Deason wrote:
>> On Fri, 26 Jul 2013 14:07:46 +0200
>> Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:
>>
>>> Ok, now with access to such a machine:
>>> krbtgt/CGV.TUGRAZ.AT@CGV.TUGRAZ.AT
>>> Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 C=
TS
>>> mode with 96-bit SHA-1 HMAC
>>> afs/cgv.tugraz.at/CGV.TUGRAZ.AT
>>> Etype /skey, tkt): DES cbc mode with CRC-32, AES-256 CTS mode with
>>> 96-bit SHA-1 HMAC
>>
>> By any chance, do you happen to have the registry entry
>>
>> HKLM\SYSTEM\CurrentControlSet\services\kdc\KdcUseRequestedEtypesForTic=
kets
>>
>> set to 1? That seems like it may cause that behavior, from a quck test=
I
>> just did.
>=20
> Yes, I did set it.
>=20
> Lets see what happens if I set it to 0.
Ok, the windows machines (I tested now with 1.7.2601 OpenAFS windows)
get a token on login and can access the OpenAFS filespace as usual.
That entry really did a change.
BUT on my laptop I get now this error:
PS C:\Program Files (x86)\MIT\Kerberos\bin> kinit lschimmer
Password for lschimmer@CGV.TUGRAZ.AT:
kinit.exe(v5): Ccache function not supported: read-only ccache type
while storing credentials
PS C:\Program Files (x86)\MIT\Kerberos\bin>
Even networkID manager does not show a ticket and klist -e does not show
anything, as I could not get a token with kinit/network ID manager..
What goes wrong now?
(it did well on the machine I tested first and which worked all the time
with 1.7.26...)
MfG,
Lars Schimmer
--=20
-------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
--ADkhekmMeAhf4NKrVkxRNaKs4XINgO5hU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHztMgACgkQmWhuE0qbFyPtvACeMmTBrZU8Xc4k5Bux6wmM/+19
UMsAn0jmnMmOu/H3+1ICwzzXCPEw/vhb
=2SBr
-----END PGP SIGNATURE-----
--ADkhekmMeAhf4NKrVkxRNaKs4XINgO5hU--