[OpenAFS] KdcUseReqEtype changed another problem occured...

Lars Schimmer l.schimmer@cgv.tugraz.at
Sat, 27 Jul 2013 13:53:37 +0200

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 27.07.2013 10:51, Lars Schimmer wrote:
> On 2013-07-26 22:30, Andrew Deason wrote:
>> On Fri, 26 Jul 2013 14:07:46 +0200
>> Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:
>>> Ok, now with access to such a machine:
>>> Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 C=
>>> mode with 96-bit SHA-1 HMAC
>>> afs/cgv.tugraz.at/CGV.TUGRAZ.AT
>>> Etype /skey, tkt): DES cbc mode with CRC-32, AES-256 CTS mode with
>>> 96-bit SHA-1 HMAC
>> By any chance, do you happen to have the registry entry
>> HKLM\SYSTEM\CurrentControlSet\services\kdc\KdcUseRequestedEtypesForTic=
>> set to 1? That seems like it may cause that behavior, from a quck test=
>> just did.
> Yes, I did set it.
> Lets see what happens if I set it to 0.

Ok, the windows machines (I tested now with 1.7.2601 OpenAFS windows)
get a token on login and can access the OpenAFS filespace as usual.
That entry really did a change.

BUT on my laptop I get now this error:
PS C:\Program Files (x86)\MIT\Kerberos\bin> kinit lschimmer
Password for lschimmer@CGV.TUGRAZ.AT:
kinit.exe(v5): Ccache function not supported: read-only ccache type
while storing credentials
PS C:\Program Files (x86)\MIT\Kerberos\bin>

Even networkID manager does not show a ticket and klist -e does not show
anything, as I could not get a token with kinit/network ID manager..

What goes wrong now?

(it did well on the machine I tested first and which worked all the time
with 1.7.26...)

Lars Schimmer
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/