[OpenAFS] Re: Creating service principal and keytab from active directory for
afs/cell
Andrew Deason
adeason@sinenomine.net
Thu, 26 Sep 2013 12:05:46 -0500
On Thu, 26 Sep 2013 16:38:42 +0000
Arne Wiebalck <Arne.Wiebalck@cern.ch> wrote:
> Thanks Andrew and Jeffrey.
>
> So, from what I understand from your answers is that as long the
> AFS server has a rxkad.keytab that contains the enc type the
> KDC issues, things should be OK afs-wise.
I just realized I didn't confirm this. Yes, that is generally correct,
and point I meant to get across.
There is an exception to that where it's not strictly true if your KDC
is issuing service tickets with single DES. But your KDC is not supposed
to be issuing DES tickets in this scenario.
--
Andrew Deason
adeason@sinenomine.net