On Thu, Sep 12, 2013 at 12:00 PM, Andrew Deason <[email protected]> wrote: > On Thu, 12 Sep 2013 09:57:30 -0400 > Kendrick Hernandez <[email protected]> wrote: > >> I saved the output of "showrev -a" before upgrading, if that would be >> helpful. > > The below has a possible explanation, but sure, it would be good to > have. If it's large, don't send it to the list. > > However, I've realized what may be happening is that that server just > didn't support the encryption type used by the kdc to encrypt the > service ticket (aes256). It looks like Solaris 10 krb5 does not support > aes256 if you don't have the SUNWcry package installed, which is > available but not installed by default until update 4. It does support > all of the other enctypes you mentioned, though (including aes128).
I just verified on the old server that the SUNWcry package is not installed, so that maybe the case here. > > While I was aware this was at least a theoretical possibility, I could > not remember any actual systems you can run an openafs server on that > supported non-des krb that didn't support all of the common enctypes > (aes256, aes128, des3, and rc4). If that's what was happening here, you > are the first instance of this I've seen, and we should update the > install instructions to make a note of this. Yeah, prior to applying the patchset, U2 didn't have the krb5 libraries that our 1.4.15 binaries had been built against, but afterwards they ran just fine. > > And sorry about the lack of useful information from the server about > this. The part of the code that would be able to detect this error > currently has no ability to log anything, which is why this can get > confusing. No problem, and thanks for the help. With the EOL of 1.4 in sight, this probably won't be an issue for much longer. k- -- : Kendrick Hernandez : UNIX Systems Administrator : UNIX Systems and Infrastructure : Division of Information Technology : University of Maryland, Baltimore County _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
