[OpenAFS] aklog: unknown RPC error (-1765328370) while getting AFS tickets

Jose M Calhariz jose.calhariz@tecnico.ulisboa.pt
Mon, 12 Sep 2022 16:49:47 +0100 

--3lcZGd9BuhuYXNfi
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 12, 2022 at 02:28:01PM +0000, spacefrogg-openafs@spacefrogg.net=
 wrote:
> The error means that the server does not support the requested encryption=
 type.
>=20
> You may have a look here for the list of krb5 error codes:
> https://www.netmeister.org/blog/krb5-error-codes-table.html
>=20
> If you run MIT kerberos, you can run aklog as:
> $ KRB5_TRACE=3D/dev/stderr aklog
>=20
> which should present you with a detailed trace of the kerberos communicat=
ion. It could help you find out which server denies the request and what el=
se has been tried by the client.
>

Thank you both.  This is a problem of encryption types, yes.

Todo the setup of the cell I was following the instrtuctions from
Debian 9.  So I have done:

kadmin.local
addprinc -randkey -e des-cbc-crc:v4 afs
ktadd -k /root/afs.keytab -e des-cbc-crc:v4 afs
getprinc afs
quit

and later:


asetkey add <kvno> /root/afs.keytab afs



But I am seing the aklog requesting:

[5785] 1662996087.387118: Generated subkey for TGS request: aes256-cts/AA29
[5785] 1662996087.387435: etypes requested in TGS request: aes256-cts, aes1=
28-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts,=
 camellia256-cts, des-cbc-crc, des, des-cbc-md4


My OpenAFS is 1.6.20-2+deb9u2


> Kind regards,
> =E2=80=93Michael
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>=20


Kind regards
Jose M Calhariz



--=20
--

Os homens n=C3=A3o ficam mais espertos com a idade. Apenas perdem mais cabe=
los

--Preston Sturges

--3lcZGd9BuhuYXNfi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEERkvHzUOf7l6LQJigNIp3jWiF748FAmMfVRQACgkQNIp3jWiF
74/S+hAAiE1yjWWDQtGbgyO6AUzQY336Lc+KLDRe7fS9x69JLPh3vLSZ3gnUCq5f
gGlYR8Nss0cjBB+6gkpyZbiKLV4kAKXWDSqHjBHJBgd0PuwaoYxxiPRSCjW8kRdl
yGn/2ggEH/Ok0+YGeZ1yNu4muqg1FkB5vc7kEemFtDPluBow6ac65n0eXJyXSUuK
Rp8gMQbPn3PwRBUCtC/S9EQe2NPwjTmANiNllhprJnS5s87KIizcUf+EVdyRigzA
mODgOIfrY2VD2f0/vQVkK3M1dMaCWZ5UQJ9GRmCTplmux2BDm8nYBObZaF/MqbjY
aBZjoCST4luxD0NXHD1UDSoC3iemj9YhMTRmvT2OsW1GOalhjIkWpqSc+pe8QhuI
4AyoPxnCJR5B2uAUop5x5SLLasIsUnaJPHzcCYFg+3v4LWVVEBnLb+sGcKsmnE9r
cocbuJY3EcZVk7L7ZWwCrBbkM5hNowlifnaBAE8rPxNrBJRoOwYsuE8VrqVsU8ln
RWQZZGd50d7VayH+UpTfAwuzj4JRjqvIwnsGabBe/0oWPYHDuh//vK9Bah7aIlSB
T38FgOTju+4XNM6+vUFRdyqyvF2bgGG+e3NNawrPjnNVzMFtB+T0n1fWVLII80FC
qwUj160KLOEFknuId0LwZ+v3ZtFI3oIiv7x2R4Ahjh1srfdiqdE=
=8WM+
-----END PGP SIGNATURE-----

--3lcZGd9BuhuYXNfi--