On Thu, Dec 11, 2008 at 4:33 PM, Tony D'Amato <[email protected]> wrote:
> After working the problem with Jeffrey Altman and Douglas Engert as well > as Derrick Brashear offline, here's what I was doing wrong: > > 1) The afs/lionstest.odu.edu key was using the wrong salt... I fixed this > by removing all instances of afs/lionstest.odu.edu from the keytab and > from AFS (using asetkey delete) and replaced them with the proper one, then > recycled the server: > > kadmin: addprinc -randkey -e "des-cbc-crc:v4" afs/lionstest.odu.edu > > kadmin: ktadd -e "des-cbc-crc:v4" afs/lionstest.odu.edu > > # klist -k -e -t -K|grep afs > 3 11/12/2008 15:43 afs/[email protected] (DES cbc mode > with CRC-32) (0xb58c6e5e0d0b8f54) > > # asetkey add 3 /etc/krb5/krb5.keytab afs/lionstest.odu.edu > > # asetkey list > kvno 3: key is: b58c6e5e0d0b8f54 > All done. > > 2) Because I'm using a Kerberos realm name which does not match the AFS > cell name, I had to enter that realm into the following two files and > recycle the AFS server and client: > > /usr/vice/etc/krb.conf # for the client > /usr/afs/etc/krb.conf # for the server > The client doesn't care, actually. Just need the one in /usr/afs/etc
