I went and upgraded all my server/client linux systems to Kerberos 1.8 and openafs 1.4.12. From the posts I have read here: https://lists.openafs.org/pipermail/openafs-info/2010-March/033059.html I was under the impression I didn't have to modify krb5.conf to allow weak encryption because something was enabled so that aklog was able to get tokens with the encryption.
However, it appears I still have to modify the krb5.conf to allow it. Otherwise I see this error in aklog r...@goro:/etc# aklog -d Getting tickets: [email protected] Kerberos error code returned by get_cred : -1765328370 aklog: Couldn't get bandaleros.net AFS tickets: aklog: unknown RPC error (-1765328370) while getting AFS tickets The krb5kdc log also indicates that the KDC has no support for encryption type. Checking the config.log for openafs I noticed this: configure:25362: checking for krb5_allow_weak_crypto configure:25418: cc -o conftest -g -O2 -I/usr/local/include conftest.c -L/usr /local/lib -Wl,-rpath -Wl,/usr/local/lib -lkrb5 -lk5crypto -lcom_err -lresolv -l dl >&5 configure:25424: $? = 0 configure:25442: result: yes configure:25362: checking for krb5_enctype_enable configure:25418: cc -o conftest -g -O2 -I/usr/local/include conftest.c -L/usr /local/lib -Wl,-rpath -Wl,/usr/local/lib -lkrb5 -lk5crypto -lcom_err -lresolv -l dl >&5 /tmp/ccOLqQ68.o: In function `main': /usr/local/downloads/openafs-1.4.12/conftest.c:193: undefined reference to `krb5 _enctype_enable' Is that what's causing the problem? I'm running Linux-2.6.33.1, Kerberos 1.8 and openafs-1.4.12 off a slackware distribution. Steps for upgrade: Compiled and installed Kerberos 1.8 (upgraded from 1.7) Installed linux 2.6.33.1 Compiled and installed Openafs-1.4.12 (upgraded from 1.4.11) Tom
