Hi, thank you for your efforts.
> In none of the above cases the afs service ticket work correctly
> although in the 1. case I have a des-cbc-crc key.
> I can't access my user directory in afs. I get a permission denied error.
> Yes, and that is expected. I suppose I have not been clear; you have two
> different ways to make this work:
>
> 1. Extract a keytab for afs/cell with just DES, and nothing else, just
> like you originally did (and add it to the KeyFile). Then get the
> FreeIPA KDC and your client machine configured to use DES. If you have
> not correctly configured these to let you use DES, then you get the
> error you originally saw (-1765328370). If you've already set
> allow_weak_crypto on the KDC and the client, then you may need to ask
> the FreeIPA people for additional help.

Now especially the point 1.) is clear :-) I am also already talking to the FreeIPA people.

>
> 2. Extract a keytab for afs/cell with non-DES enctypes, and install it
> in rxkad.keytab. Follow the instructions I mentioned in
> <http://openafs.org/pages/security/install-rxkad-k5-1.6.txt> and
> <http://openafs.org/pages/security/how-to-rekey.txt> to configure the
> servers to use this keytab. If you have not configured the servers to do
> this, then you will get errors such as "permission denied", as you have
> been getting.

In this case we have to update the servers because OpenAFS 1.6.1

>
> So, follow one of those paths, and you should be able to get
> authentication working. Your current setup I believe is following
> neither of those approaches, and so it doesn't work. I would think
> option 2 is easier, but that's up to you.

Andreas
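To see which of the two paths quoted above an extracted keytab actually fits, its enctypes can be read straight from the file. The following is an added example, not part of the original message and not OpenAFS or FreeIPA code; it parses the MIT keytab format (version 0x0502), and the principal `afs/example.com@EXAMPLE.COM`, the all-zero keys and the function names are constructed for illustration.

```python
import struct

DES = {1, 2, 3}  # single-DES enctypes: des-cbc-crc, des-cbc-md4, des-cbc-md5

def keytab_enctypes(data):
    """Return [(principal, kvno, enctype)] from MIT keytab bytes (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        size = struct.unpack_from(">i", data, pos)[0]
        pos += 4
        if size <= 0:               # negative size marks a deleted entry (hole)
            pos -= size
            continue
        end, p = pos + size, pos + 2
        ncomp = struct.unpack_from(">H", data, pos)[0]
        parts = []
        for _ in range(ncomp + 1):  # realm first, then the name components
            n = struct.unpack_from(">H", data, p)[0]
            parts.append(data[p + 2:p + 2 + n].decode())
            p += 2 + n
        kvno = data[p + 8]          # skip name type (4) and timestamp (4)
        etype, klen = struct.unpack_from(">HH", data, p + 9)
        p += 13 + klen
        if end - p >= 4:            # optional 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0]
        entries.append(("/".join(parts[1:]) + "@" + parts[0], kvno, etype))
        pos = end
    return entries

def classify(entries, principal):
    """'des-only' fits path 1 (KeyFile); 'non-des' fits path 2 (rxkad.keytab)."""
    etypes = {e for name, _, e in entries if name == principal}
    if not etypes:
        return "missing"
    if etypes <= DES:
        return "des-only"
    return "non-des" if etypes.isdisjoint(DES) else "mixed"

def make_entry(realm, comps, kvno, etype, key):
    """Build one keytab entry (constructed sample data with a dummy key)."""
    names = b"".join(struct.pack(">H", len(s)) + s.encode() for s in [realm] + comps)
    tail = struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    body = struct.pack(">H", len(comps)) + names + tail
    return struct.pack(">i", len(body)) + body

# Constructed sample: afs/example.com with aes256 (18) and aes128 (17) keys only.
SAMPLE = b"\x05\x02" + b"".join(
    make_entry("EXAMPLE.COM", ["afs", "example.com"], 2, e, bytes(n))
    for e, n in [(18, 32), (17, 16)])
```

For a real file, pass `open(path, "rb").read()` to `keytab_enctypes`; a result of `mixed` means the keytab matches neither "just DES, and nothing else" nor a purely non-DES extraction.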
