Okay I have kerbV running and I can use aklog to get a token and things seem peachy with that part of the upgrade.
We need klog support and it is my understanding that MIT KrbV doesn't support the RX protocol without using fakeka so I am trying to get fakeka running. I run kadmin: ktadd -k /etc/krb5.keytab -e des-cbc-crc [EMAIL PROTECTED] ktadd: Invalid argument while parsing keysalts de-cbc-crc I do: kadmin: ktadd -k /etc/krb5.keytab -e des-cbc-crc:normal [EMAIL PROTECTED] Entry for principal [EMAIL PROTECTED] with kvno 4, encryption type DES cbc mode with CRC-32 added to keytab Is this the right salt? I run asetkey which should copy this back to the KeyFile, and it works but I am still getting this error. [EMAIL PROTECTED] test4]#fakeka fakeka: No matching key in entry while decrypting the master key The only thing I can think of is des-cbc-crc:normal needs to be something else or I am missing needed arguments to fakeka. Do I need to initialize this in the BosConfig file by adding fakeka as a server too? I kind of hit a brickwall so any help would be appreciated. Thanks Sean -------------------------------------- Sean O'Malley, Information Technologist Michigan State University ------------------------------------- On Mon, 17 May 2004, Douglas E. Engert wrote: > > > Garrett Wollman wrote: > > > > <<On Fri, 14 May 2004 19:45:36 -0400 (EDT), "Sean O'Malley" <[EMAIL PROTECTED]> > > said: > > > > > will take at least a year. I would like to dump kerberos IV support > > > altogether. I am just wondering about the feasibility of the plan. > > > > We did not make any transition, but we are running a pure-v5 > > environment with no Kerberos-related problems. There are still a few > > issues we'd like to get resolved; most importantly, geting kafs to use > > a stronger encryption algorithm than single-DES. (afs is the only > > principal in our KDC that has a single-DES key and we'd like to get > > disable 1DES entirely.) We do run krb524d, in standalone mode, on the > > AFS dbservers to support ticket mangling for Unix clients using > > `aklog', and we also run gssklogd but plan to stop now that the > > current Windows client and KfW support using v5 tickets directly. > > Note that AFS 1.3.64 will still only use DES keys. To do otherwise will > require some major changes to AFS. 1.3.64 added des-cbc-md5 and des-cbc-md4 > to the existing des-cbc-crc as will as allowing ticket large then 344 bytes. > > > > > > > -GAWollman > > > > _______________________________________________ > > OpenAFS-devel mailing list > > [EMAIL PROTECTED] > > https://lists.openafs.org/mailman/listinfo/openafs-devel > > _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
