On 27.07.2013 10:51, Lars Schimmer wrote: > On 2013-07-26 22:30, Andrew Deason wrote: >> On Fri, 26 Jul 2013 14:07:46 +0200 >> Lars Schimmer <[email protected]> wrote: >> >>> Ok, now with access to such a machine: >>> krbtgt/[email protected] >>> Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS >>> mode with 96-bit SHA-1 HMAC >>> afs/cgv.tugraz.at/CGV.TUGRAZ.AT >>> Etype /skey, tkt): DES cbc mode with CRC-32, AES-256 CTS mode with >>> 96-bit SHA-1 HMAC >> >> By any chance, do you happen to have the registry entry >> >> HKLM\SYSTEM\CurrentControlSet\services\kdc\KdcUseRequestedEtypesForTickets >> >> set to 1? That seems like it may cause that behavior, from a quck test I >> just did. > > Yes, I did set it. > > Lets see what happens if I set it to 0.
Ok, the windows machines (I tested now with 1.7.2601 OpenAFS windows) get a token on login and can access the OpenAFS filespace as usual. That entry really did a change. BUT on my laptop I get now this error: PS C:\Program Files (x86)\MIT\Kerberos\bin> kinit lschimmer Password for [email protected]: kinit.exe(v5): Ccache function not supported: read-only ccache type while storing credentials PS C:\Program Files (x86)\MIT\Kerberos\bin> Even networkID manager does not show a ticket and klist -e does not show anything, as I could not get a token with kinit/network ID manager.. What goes wrong now? (it did well on the machine I tested first and which worked all the time with 1.7.26...) MfG, Lars Schimmer -- ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: [email protected] Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
signature.asc
Description: OpenPGP digital signature
