On 09/12/2013 03:37 PM, Andrew Deason wrote:
On Thu, 12 Sep 2013 15:00:59 -0400
Kendrick Hernandez <[email protected]> wrote:
I just verified on the old server that the SUNWcry package is not
installed, so that maybe the case here.
Thanks for checking that.
I believe you need both SUNWcry & SUNWcryr
And sorry about the lack of useful information from the server about
this. The part of the code that would be able to detect this error
currently has no ability to log anything, which is why this can get
confusing.
No problem, and thanks for the help. With the EOL of 1.4 in sight,
this probably won't be an issue for much longer.
Well, this doesn't have to do with 1.4 vs 1.6. If the server cannot
decrypt the response from the kdc, there's nothing our code can do about
that. The same thing would happen with any other kerberized service.
The only ways you could have fixed that situation were making Solaris
understand aes256 (either by upgrading as you did, or presumably
installing SUNWcry), or changing the kdc configuration to not issue
aes256 tickets for the afs service (probably by removing the aes256 key
for it).
--
Rich Sudlow
University of Notre Dame
Center for Research Computing - Union Station
506 W. South St
South Bend, In 46601
(574) 631-7258 (office)
(574) 807-1046 (cell)
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
