[OpenAFS] unknown RPC error (-1765328370) while getting AFS tickets

Tue, 27 Mar 2012 00:50:07 -0700 

Hello,

I'm currently trying to setup OpenAFS 1.6.0-1 together with MIT Kerberos 1.9.1 
on an Ubuntu System.

All necessary processes are running but something seems to be wrong with my 
Kerberos configuration:

intranet:/var/log# kinit admin
Password for [email protected]: 

intranet:/var/log# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
03/27/12 09:13:32  03/27/12 19:13:32  krbtgt/[email protected]
        renew until 03/28/12 09:13:29


intranet:/var/log# aklog -d
Authenticating to cell IN-PUT.DE (server intranet.in-put.de).
Trying to authenticate to user's realm IN-PUT.DE.
Getting tickets: afs/[email protected]
We've deduced that we need to authenticate to realm IN-PUT.DE.
Getting tickets: afs/[email protected]
Getting tickets: afs/[email protected]
Getting tickets: [email protected]
Kerberos error code returned by get_cred : -1765328370
aklog: Couldn't get IN-PUT.DE AFS tickets:
aklog: unknown RPC error (-1765328370) while getting AFS tickets


According to a number of postings the error is related to ticket encryption, 
but I guess I have the right settings in the Kerberos config files:

/etc/krb5.conf
-------------------

[libdefaults]
        default_realm = IN-PUT.DE
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
        fcc-mit-ticketflags = true

[realms]
        IN-PUT.DE = {
                kdc = intranet.in-put.de 
                admin_server = intranet.in-put.de
        }

[domain_realm]
        .in-put.de = IN-PUT.DE
        in-put.de = IN-PUT.DE

[login]
        krb4_convert = true
        krb4_get_tickets = false

/etc/krb5kdc/kdc.conf 
------------------------------

[kdcdefaults]
    kdc_ports = 750,88

[realms]
    IN-PUT.DE = {
        database_name = /var/lib/krb5kdc/principal
        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        key_stash_file = /etc/krb5kdc/stash
        kdc_ports = 750,88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        supported_enctypes = #supported_enctypes = aes256-cts:normal 
arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 
des:norealm des:onlyrealm des:afs3
        default_principal_flags = +preauth
    }

Thanks for any hints or suggestions,

Stefan

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to