-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Douglas E. Engert wrote: > >
>> What user are you using with the kinit? I did used the users with "use DES enctypes" enabled. Now I tried with the users without this function enabled and I get tickets. But no tokens :-( Error: adiotest:~# kinit schimmer Password for schim...@cgv.tugraz.at: adiotest:~# aklog aklog: Couldn't get cgv.tugraz.at AFS tickets: aklog: unknown RPC error (-1765328370) while getting AFS tickets adiotest:~# tokens Tokens held by the Cache Manager: --End of list-- adiotest:~# klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: schim...@cgv.tugraz.at Valid starting Expires Service principal 03/10/10 10:18:24 03/11/10 10:18:24 krbtgt/cgv.tugraz...@cgv.tugraz.at Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 So looks like no DES enctype for OpenAFS. But I need DES enctypes. >> Does a network trace show anything? Not so far yet. >> We have seen issues with using the kinit -k with a keytab >> if the keytab does not have the highest enctype both client and server >> support (AES256). I want to obtain tokens with the PAM module later on (and on Windows 7 while login, I never used the -k option so far). >> All of our DCs are now 2008R2, and afs aklog works well on >> and Solaris 9 and 10; Ubuntu Dapper-Karmic; Windows XP, Vista and W7 >> clients. I want that setup, to. But how do I enable the DES enctypes.... Thank you so far. MfG, Lars Schimmer - -- - ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: l.schim...@cgv.tugraz.at Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkuXZFAACgkQmWhuE0qbFyO+/ACfZeLhC4QIOMfqps3lcfn3ZSt9 UMAAn23FFFLy4UezmaBUuD96sX48Y2Ja =/uXf -----END PGP SIGNATURE----- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos