I’ve been fighting with trying to bring up a brand new AFS on linux (Ubuntu server 16.04LTS). I had the domain admins add a user and principle and generate a keytab, from which I deleted the DES keys: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 afs/test.example.com@REALM (arcfour-hmac) 2 6 afs/test.example.com@REALM (aes256-cts-hmac-sha1-96) 3 6 afs/test.example.com@REALM (aes128-cts-hmac-sha1-96) I can get a ticket with kinit with the keytab When I try to add it to openafs config with asetkey, I get this: asetkey: unknown RPC error (-1765328203) for keytab entry with Principal afs/test.example.com@REALM, kvno 6, DES-CBC-CRC/MD5/MD4
It appears to be trying to looking for a DES key? I don’t see any way to tell asetkey what the crypto is (though I see references to an earlier? version that took the encryption type number as a parameter). Just for fun, I tried with the keytab that had the DES keys. That also fails, but differently: asetkey: failed to set key, code 70354688. John L. D’Ausilio
