On Wednesday, August 17, 2005 02:34:42 AM +0200 Martin MOKREJ©
<[EMAIL PROTECTED]> wrote:
My /etc/krb5.conf is attached. Anything wrong in there?
Are there soem enctypes which do not work? I mean, do I have to delete
some of them after afs/cellname principal is created?
Like:
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/[EMAIL PROTECTED] -e
des-cbc-md5
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/[EMAIL PROTECTED] -e
des-cbc-md4
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/[EMAIL PROTECTED] -e
aes256-cts-hmac-sha1-96
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/[EMAIL PROTECTED] -e
arcfour-hmac-md5
First, you will want to use kadmin's del_enctypes command to delete from the
Kerberos database any non-DES keys on the afs service principal, such as the
aes256-cts-hmac-sha1-96 and arcfour-hmac-md5 keys you mention above. What
is
in the keytab file is irrelevant; keytab files are for servers, not the KDC.
However, I suspect your real problem is that you lack an AFS keyfile in
/usr/afs/etc/KeyFile or whereever is appropriate for your system. To create
this file, you should use a command like
ktutil copy /etc/krb5.keytab AFSKEYFILE:/usr/afs/etc/KeyFile
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
