Kevin Coffman wrote:
On 10/29/07, Ken Hornstein <[EMAIL PROTECTED]> wrote:Oct 29 12:58:13 silmaril krb5kdc[13245](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) xxx.xx.11.213: DECRYPT_CLIENT_KEY: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Decrypt integrity check failedOne little thing I always forget about afs2k5db .... it currently only works if your master key is single-DES (in theory this isn't hard to fix, but see previous comments about time, interest, etc etc). Judging by this error, the client keys are not encrypted properly in the database. I am guessing that your K/M principal is something other than single-DES.
Thanks Ken and Kevin.
Could changing realm names be another possibility? Jeff, are you using the same realm name in your KDC as in the kaserver?
Same realm. Yes, the K/M principal is single and triple DES'd. How does one go about deleting one of K/M's keys in DB without shooting oneself in the foot? _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
