On Thu, 12 Sep 2013 15:00:59 -0400 Kendrick Hernandez <[email protected]> wrote:
> I just verified on the old server that the SUNWcry package is not > installed, so that maybe the case here. Thanks for checking that. > > And sorry about the lack of useful information from the server about > > this. The part of the code that would be able to detect this error > > currently has no ability to log anything, which is why this can get > > confusing. > > No problem, and thanks for the help. With the EOL of 1.4 in sight, > this probably won't be an issue for much longer. Well, this doesn't have to do with 1.4 vs 1.6. If the server cannot decrypt the response from the kdc, there's nothing our code can do about that. The same thing would happen with any other kerberized service. The only ways you could have fixed that situation were making Solaris understand aes256 (either by upgrading as you did, or presumably installing SUNWcry), or changing the kdc configuration to not issue aes256 tickets for the afs service (probably by removing the aes256 key for it). -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
