Under [libdefaults] add "allow_weak_crypto = true". It appears Heimdal considers that weak crypto but KfW doesn't.
Billy Beaudoin ITECS Systems NC State University On Thu, Dec 15, 2011 at 12:52 PM, Eric Sturdivant <[email protected]> wrote: > On Thu, 15 Dec 2011, Jeffrey Altman wrote: > >> 32-bit NIM requires the krbv4w32.dll and krb524.dll from MIT KFW. >> A future Heimdal distribution will bundle them as an optional install >> item and a future NIM distribution will stop supporting Kerberos v4 >> entirely. >> >> For now you can copy the DLLs from the MIT distribution and place them >> in your PATH. >> > > This gets us a bit further, but now NIM fails getting AFS tokens. The error > message is "Credentials could not be obtained for cell glue.umd.edu". > > aklog -d shows: > > C:\Users\Administrator>aklog -d > Authenticating to cell glue.umd.edu. > Getting v5 tickets: afs/[email protected] > Kerberos error code returned by get_cred: -1765328234 > aklog: Couldn't get glue.umd.edu AFS tickets: encryption type des-cbc-crc is > dis > abled > > > klist shows: > > Credentials cache: API:[email protected] > Principal: [email protected] > Cache version: 0 > > Server: krbtgt/[email protected] > Client: [email protected] > Ticket etype: aes256-cts-hmac-sha1-96, kvno 1 > Ticket length: 307 > Auth time: Dec 15 12:50:42 2011 > End time: Dec 15 22:50:45 2011 > Ticket flags: pre-authent, initial, forwardable > Addresses: addressless > > > > but the des-cbc-crc type is allowed in the KDC, klist output from a unix > machine: > > Server: afs/[email protected] > Client: [email protected] > Ticket etype: des-cbc-crc, kvno 1 > Ticket length: 310 > Auth time: Dec 15 12:29:24 2011 > Start time: Dec 15 12:29:39 2011 > End time: Dec 16 12:29:25 2011 > Ticket flags: forwarded, pre-authenticated, transited-policy-checked > Addresses: IPv4:128.8.236.234 > > > > Is this a local setting (on the windows machine) preventing the afs ticket > from being acquired? (tcpdump doesn't sohw any communication to the kdc's > when the aklog command is run). > > > -- > Eric Sturdivant > University of Maryland > Office of Information Technology > Enterprise Unix Services > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
