Just a thought, did you add/change enc_types when you went to 1.6.2? E.g. were you supporting AES256, DES3 and DES under krb5-1.4.3 ? I've seen issues with certain things not understanding the AES256 type.
<<CDC Mike Dopheide <[EMAIL PROTECTED]> wrote: > We've also found that reverting back to MIT Kerberos 1.4.3 wasn't good > enough. Some principals would start working with klog again after > another password change, but others needed to be deleted and > recreated. > Is anyone else using MIT Kerberos 1.6.2 and klog? > > Mike Dopheide wrote: >> Number of keys: 5 >> Key: vno 30, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt >> Key: vno 30, Triple DES cbc mode with HMAC/sha1, no salt >> Key: vno 30, DES cbc mode with CRC-32, no salt >> Key: vno 30, DES cbc mode with CRC-32, Version 4 >> Key: vno 30, DES cbc mode with CRC-32, AFS version 3 >> >> Jeffrey Altman wrote: >>> Matt Elliott wrote: >>>> We just discovered a problem with our KDC now running MIT 1.6.2. >>>> When a user changes their password (previous keys were created >>>> with our old kdc version 1.4.3 still work) with patches and then >>>> tries klog it longer grants tokens. klog returns "Unable to >>>> authenticate to AFS because password was incorrect." kinit and a >>>> subsequent aklog still works. Has anyone else seen this or have a >>>> fix? _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
