-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Douglas E. Engert wrote: > Can you run klist -e -t -K -k afstest-md5.keytab > and verify that the key matches what asetkey has.
Thank you! This led to the solution... It did NOT match, as the key had been added with bos addkey with the most recent service principal keytab from the ADS admin, and I deleted and re-added it with asetkey and then it did match, and now it works for BOTH realms. Earlier, the ADS admin was automatically generating a key that used HMAC with des-cbc-crc because it had solved a problem for another admin setting up NFS, so he thought it was necessary. Thanks again! This has been a frustrating project. Now to prepare to do it in production. Chris - -- Eric Chris Garrison | Principal Mass Storage Specialist [email protected] | Indiana University - Research Storage W: 317-278-1207 M: 317-250-8649 | Jabber IM: [email protected] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKYNKIG2WsK8XoJWURAg0LAJ9pRyIpttFt+Lbiig5LrvZcVAsRQgCfRWvl hO4fCbiMWh48dnLhjvQ9CJg= =sl8k -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
