On Tue, Jun 20, 2017 at 08:18:10PM +0000, John D'Ausilio wrote:
> I’ve been fighting with trying to bring up a brand new AFS on linux (Ubuntu
> server 16.04LTS).
> I had the domain admins add a user and principal and generate a keytab, from
> which I deleted the DES keys:
> ktutil: list -e
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
>    1    6 afs/test.example.com@REALM (arcfour-hmac)
>    2    6 afs/test.example.com@REALM (aes256-cts-hmac-sha1-96)
>    3    6 afs/test.example.com@REALM (aes128-cts-hmac-sha1-96)
> I can get a ticket with kinit with the keytab
> When I try to add it to openafs config with asetkey, I get this:
> asetkey: unknown RPC error (-1765328203) for keytab entry with Principal
> afs/test.example.com@REALM, kvno 6, DES-CBC-CRC/MD5/MD4
>
> It appears to be trying to look for a DES key? I don’t see any way to tell
> asetkey what the crypto is (though I see references to an earlier? version
> that took the encryption type number as a parameter).

Without looking too hard at the particular error message, you don't need to
use asetkey with the version of openafs shipped with 16.04LTS -- just rename
the krb5 keytab to rxkad.keytab and drop it in the directory next to the
KeyFile.

Unfortunately,
http://openafs.org/pages/security/install-rxkad-k5-1.6.txt
and the other text associated with OPENAFS-SA-2013-003 may still be the
best documentation for this. The Unix Quickstart guide should have the
proper procedure as well, IIRC.

-Ben
