On Thu, 10 May 2012 17:28:51 -0400 Jeff White <[email protected]> wrote:
> > Details here: > > http://wiki.openafs.org/AFSLore/WindowsK5AfsServicePrincipal/ > > I used the exact same ktpass args on both the 2008 PITT.EDU realm and > the 2003 UNIV.PITT.EDU realm (changing the realm name though). Is there > something wrong with running it with those args on 2003? It has nothing to do with the args or usage, etc; some versions of the tool are just broken. See the link. > This might be a problem: > [root@afs-dev-03 ~]# kinit -kt /var/tmp/afskerbuser.keytab > afs/[email protected] > kinit: KDC has no support for encryption type while getting initial > credentials That's a little confusing, since the KDC granted you a service ticket with a DES enctype earlier: > [jaw171@afs-dev-03 ~]$ klist -e > Ticket cache: FILE:/tmp/krb5cc_354461 > Default principal: [email protected] > > Valid starting Expires Service principal > 05/10/12 13:12:45 05/10/12 23:12:48 krbtgt/[email protected] > renew until 05/17/12 13:12:45, Etype (skey, tkt): arcfour-hmac, > arcfour-hmac > 05/10/12 13:12:59 05/10/12 23:12:48 afs/[email protected] > renew until 05/17/12 13:12:45, Etype (skey, tkt): des-cbc-crc, > des-cbc-md5 >From that output I would expect that DES stuff is turned on for the account, but... can you check? And can you say what's in the keytab: ktutil rkt /var/tmp/afskerbuserkeytab l -e -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
