Hi, > specifically, your /etc/krb5.conf should have allow_weak_crypto = true > in the [libdefaults] section. > unfortunately this didn't change anything, still the same problem.
Stefan > i tried to add this info to the afslore wiki but it didnt seem to take. > > On Tue, 27 Mar 2012 07:49:53 -0400 > Derrick Brashear <[email protected]> wrote: > > > https://lists.openafs.org/pipermail/openafs-info/2011-June/036188.html > > > > On Tue, Mar 27, 2012 at 3:45 AM, Stefan Michael Guenther > > <[email protected]> wrote: > > > Hello, > > > > > > I'm currently trying to setup OpenAFS 1.6.0-1 together with MIT Kerberos > 1.9.1 on an Ubuntu System. > > > > > > All necessary processes are running but something seems to be wrong with > > > my > Kerberos configuration: > > > > > > intranet:/var/log# kinit admin > > > Password for [email protected]: > > > > > > intranet:/var/log# klist > > > Ticket cache: FILE:/tmp/krb5cc_0 > > > Default principal: [email protected] > > > > > > Valid starting Expires Service principal > > > 03/27/12 09:13:32 03/27/12 19:13:32 krbtgt/[email protected] > > > renew until 03/28/12 09:13:29 > > > > > > > > > intranet:/var/log# aklog -d > > > Authenticating to cell IN-PUT.DE (server intranet.in-put.de). > > > Trying to authenticate to user's realm IN-PUT.DE. > > > Getting tickets: afs/[email protected] > > > We've deduced that we need to authenticate to realm IN-PUT.DE. > > > Getting tickets: afs/[email protected] > > > Getting tickets: afs/[email protected] > > > Getting tickets: [email protected] > > > Kerberos error code returned by get_cred : -1765328370 > > > aklog: Couldn't get IN-PUT.DE AFS tickets: > > > aklog: unknown RPC error (-1765328370) while getting AFS tickets > > > > > > > > > According to a number of postings the error is related to ticket > encryption, but I guess I have the right settings in the Kerberos config > files: > > > > > > /etc/krb5.conf > > > ------------------- > > > > > > [libdefaults] > > > default_realm = IN-PUT.DE > > > krb4_config = /etc/krb.conf > > > krb4_realms = /etc/krb.realms > > > kdc_timesync = 1 > > > ccache_type = 4 > > > forwardable = true > > > proxiable = true > > > fcc-mit-ticketflags = true > > > > > > [realms] > > > IN-PUT.DE = { > > > kdc = intranet.in-put.de > > > admin_server = intranet.in-put.de > > > } > > > > > > [domain_realm] > > > .in-put.de = IN-PUT.DE > > > in-put.de = IN-PUT.DE > > > > > > [login] > > > krb4_convert = true > > > krb4_get_tickets = false > > > > > > /etc/krb5kdc/kdc.conf > > > ------------------------------ > > > > > > [kdcdefaults] > > > kdc_ports = 750,88 > > > > > > [realms] > > > IN-PUT.DE = { > > > database_name = /var/lib/krb5kdc/principal > > > admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab > > > acl_file = /etc/krb5kdc/kadm5.acl > > > key_stash_file = /etc/krb5kdc/stash > > > kdc_ports = 750,88 > > > max_life = 10h 0m 0s > > > max_renewable_life = 7d 0h 0m 0s > > > master_key_type = des3-hmac-sha1 > > > supported_enctypes = #supported_enctypes = aes256-cts:normal > arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal > des:v4 > des:norealm des:onlyrealm des:afs3 > > > default_principal_flags = +preauth > > > } > > > > > > Thanks for any hints or suggestions, > > > > > > Stefan > > > > > > > > >
smime.p7s
Description: S/MIME Cryptographic Signature
