Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

Hi Simo, Thats interesting. Now i can receive afs/cellname@REALM service tickets with des-cbc-crc and aes256 key on the client but only when i execute: kvno -e des-cbc-crc afs/cellname If i execute aklog to obtain an afs token from tgt i get a afs/cellname@REALM service ticket without

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

On Tue, 18 Nov 2014 15:11:01 +0100 Andreas Ladanyi andreas.lada...@kit.edu wrote: Hi Simo, Thats interesting. Now i can receive afs/cellname@REALM service tickets with des-cbc-crc and aes256 key on the client but only when i execute: kvno -e des-cbc-crc afs/cellname If i execute

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

On 11/17/2014 07:59 AM, Andreas Ladanyi wrote: Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x ipa-setup-override-restrictions Please don't do this, use

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

On Mon, 17 Nov 2014 13:59:44 +0100 Andreas Ladanyi andreas.lada...@kit.edu wrote: Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

[root@cc21 ~]# ipa host-add --force afs-cellname.ipacloud.test --- Added host afs-cellname.ipacloud.test --- Host name: afs-cellname.ipacloud.test Principal name: host/afs-cellname.ipacloud.t...@ipacloud.test

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x ipa-setup-override-restrictions Please don't do this, use the ipa service-add and ipa-getkeytab

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

On Thu, 13 Nov 2014, Andreas Ladanyi wrote: Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x ipa-setup-override-restrictions Please don't do this, use

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

On 11/12/2014 09:54 AM, Andreas Ladanyi wrote: Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x ipa-setup-override-restrictions The result is:

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

On Wed, 12 Nov 2014 15:54:14 +0100 Andreas Ladanyi andreas.lada...@kit.edu wrote: Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal with: kadmin.local -x

Re: [Freeipa-users] FreeIPA Kerberos and Single-DES for OpenAFS

On 13.11.2014 02:17, Simo Sorce wrote: On Wed, 12 Nov 2014 15:54:14 +0100 Andreas Ladanyi andreas.lada...@kit.edu wrote: Hi, I set up the 389 LDAP server to support des-cbc-crc enctype. I created a principal for OpenAFS. OpenAFS need des-cbc-crc:v4 (single-DES). I created the principal