On 4/12/2011 11:18 AM, Simon Wilkinson wrote:
>
> On 12 Apr 2011, at 16:09, Jeffrey Altman wrote:
>
>> If the kvno you generated is 8, then the kvno you ask asetkey to add must
>> also be 8.
>
> The principal was added with kvno 8, but then the 'ktadd' incremented that
> number by one when it regenerated the key to create the keytab. klist shows
> the kvno as 9:
>
>>> [root@afs1c afs]# klist -e -k afs1_dantolov.uits.indiana.edu_kdc.keytab
>>> Keytab name: FILE:afs1_dantolov.uits.indiana.edu_kdc.keytab
>>> KVNO Principal
>>> ----
>>> --------------------------------------------------------------------------
>>> 9 afs/[email protected] (DES cbc mode
>>> with RSA-MD5)
>
> I think the problem is the encryption type. When we do the extract, we
> specifically ask for a des-cbc-crc key. The key you have created is
> des-cbc-md5. I suspect that the extraction routine is seeing these types as
> different, and so failing the match.
>
> Try again with a des-cbc-crc key, and see if that works!
>
> Cheers,
>
> Simon.

My apologies for the rushed (and incorrect) response. Simon is correct.
The most likely cause of KRB5_KT_NOTFOUND (-17655328203) is the
non-matching enctype.

I've posted a patchset to gerrit.openafs.org which permits the
DES-CBC-MD5 and DES-CBC-MD4 enctypes to be accepted by asetkey.

http://gerrit.openafs.org/#change,4459

Jeffrey Altman
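
The enctype mismatch discussed in this thread, as an added example that is not part of the original messages and is not OpenAFS code: a minimal parser for the MIT keytab file format (version 0x0502) with a lookup that matches on principal, kvno and enctype. The principal, realm and all-zero key are constructed placeholders, and `find_key` with its `accepted` set is a hypothetical model of strict versus relaxed matching, not asetkey's implementation.

```python
import struct

DES_CBC_CRC, DES_CBC_MD4, DES_CBC_MD5 = 1, 2, 3   # Kerberos enctype numbers
SINGLE_DES = {DES_CBC_CRC, DES_CBC_MD4, DES_CBC_MD5}

def _counted(buf, p):
    """Read a 16-bit length-prefixed string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def build_entry(realm, components, kvno, enctype, key):
    """Serialize one keytab entry (big-endian, file format 0x0502)."""
    body = struct.pack(">H", len(components))
    body += b"".join(struct.pack(">H", len(s)) + s for s in [realm, *components])
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

def parse_keytab(data):
    """Yield (principal, kvno, enctype, key) for each live entry."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version")
    pos = 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                       # negative size: hole left by a deleted entry
            pos -= size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        parts, p = [], pos + 2
        for _ in range(ncomp + 1):          # realm first, then each name component
            s, p = _counted(data, p)
            parts.append(s)
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        key, p = _counted(data, p + 11)     # 11 = size of the ">IIBH" fields
        if pos + size - p >= 4:             # optional 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        yield b"/".join(parts[1:]) + b"@" + parts[0], kvno, enctype, key
        pos += size

def find_key(keytab, principal, kvno, accepted):
    """Return the first key matching principal, kvno and an accepted enctype."""
    for princ, vno, etype, key in parse_keytab(keytab):
        if princ == principal and vno == kvno and etype in accepted:
            return key
    return None                             # the "not found" outcome from the thread

# Constructed sample: a single des-cbc-md5 entry at kvno 9, placeholder names and key.
PRINC = b"afs/cell.example@EXAMPLE.ORG"
SAMPLE = b"\x05\x02" + build_entry(b"EXAMPLE.ORG", [b"afs", b"cell.example"], 9, DES_CBC_MD5, bytes(8))
```

Asking for `{DES_CBC_CRC}` alone returns `None` for this keytab even though principal and kvno match, while `SINGLE_DES` finds the entry; the three single-DES enctypes share the same 8-byte key format.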
