[OpenAFS] Migrating away from single DES
Andreas Ladanyi
andreas.ladanyi@kit.edu
Mon, 14 Sep 2020 12:11:04 +0200
Hi Stefano,
Rekey your AFS Server(s).
Have a look at this document:
https://www.openafs.org/pages/security/how-to-rekey.txt
An interesting discussion about "how-to-rekey.txt":
https://openafs-info.openafs.narkive.com/PVFdhGZD/afs-principal-rekeying-instructions-may-be-incomplete
regards,
Andreas
Am 14.09.20 um 10:32 schrieb ProbaNet SRLS:
> Hello!
>
> Recent releases of krb5 (> 1.18) no longer support single des
> encryption (the "allow_weak_crypto = yes" option in krb5.conf client
> side has no longer effect), so now we get this error with "aklog -d":
>
> ---
>
> Kerberos error code returned by get_cred : -1765328370
> aklog: Couldn't get XXXXX AFS tickets:
> aklog: KDC has no support for encryption type while getting AFS tickets
>
> ---
>
> How should we proceed?
>
>
> Stefano
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info