Hi,
  I've deleted my test cell and have started from scratch. But somehow,
I cannot re-create the setup as usual. I use a current cvs checkout of
openafs with both heimdal-0.7-cvs and heimdal-0.6.5. It seems bos
doesn't understand "some" tickets ... but it doesn't give any useful
output. Why does "krbtgt/[EMAIL PROTECTED]" contain the cellname part in
uppercase? Maybe that's the problem?

aquarius heimdal-0.6.5 # klist -v
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: mmokrejs/[EMAIL PROTECTED]
    Cache version: 4

Server: krbtgt/[EMAIL PROTECTED]
Ticket etype: des-cbc-crc, kvno 1
Auth time:  Aug 17 02:26:30 2005
End time:   Aug 18 02:26:30 2005
Renew till: Aug 24 02:26:30 2005
Ticket flags: forwardable, proxiable, renewable, initial
Addresses: IPv4:192.168.0.11

Server: afs/[EMAIL PROTECTED]
Ticket etype: des-cbc-crc, kvno 1
Auth time:  Aug 17 02:26:30 2005
End time:   Aug 18 02:26:30 2005
Ticket flags: transited-policy-checked
Addresses: IPv4:192.168.0.11

aquarius heimdal-0.6.5 # bos status -server aquarius -long
bos: failed to contact host's bosserver (ticket contained unknown key version 
number).
aquarius heimdal-0.6.5 # 

My /etc/krb5.conf is attached. Anything wrong in there?
Are there some enctypes which do not work? I mean, do I have to delete
some of them after the afs/cellname principal is created?
Like:
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/[EMAIL PROTECTED] -e 
des-cbc-md5
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/[EMAIL PROTECTED] -e 
des-cbc-md4
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/[EMAIL PROTECTED] -e 
aes256-cts-hmac-sha1-96
# /usr/heimdal/sbin/ktutil -k /etc/krb5.keytab del -p afs/[EMAIL PROTECTED] -e 
arcfour-hmac-md5


Thanks for help
Martin
[libdefaults]
        # Library-wide client defaults; the default realm is DOMA.
        # Requested ticket and renewal lifetimes are 7 days each. The KDC can
        # still cap what it grants; long lifetimes extend how long a copied
        # credentials cache stays usable.
        ticket_lifetime = 7 days
        renew_lifetime = 7 days
        default_realm = DOMA
        # NOTE(review): encrypt and forward look like per-application options
        # (both also appear under [appdefaults]) - confirm they are read here.
        encrypt = yes
        forwardable = true
        forward = yes
        proxiable = true
        # DNS discovery of KDCs and realms is off, so only the static entries
        # in this file are used to locate the KDC.
        dns_lookup_kdc = false
        dns_lookup_realm = false
        
        # NOTE(review): kdc is normally a per-realm key; the same address is
        # set under [realms], so this copy is presumably ignored - confirm.
        kdc = 192.168.0.11:88
        
        # for Win2K compatibility
        # Both lines are disabled. Enabling them would limit the client to
        # single-DES (des-cbc-crc), which is cryptographically weak; do so only
        # where a peer cannot handle anything stronger.
        # default_etypes = des-cbc-crc
        # default_etypes_des = des-cbc-crc
        
[realms]
        # Static addresses for realm DOMA: KDC on port 88 and admin server on
        # port 749, both given as an IP address rather than a host name.
        DOMA = {
              kdc = 192.168.0.11:88
              admin_server = 192.168.0.11:749
              # NOTE(review): written with a hyphen; the documented key is
              # usually default_domain - confirm the parser accepts this form.
              default-domain = doma
        }

[domain_realm]
        # Host-to-realm mapping: names under .doma and the bare name doma
        # both resolve to realm DOMA.
        .doma = DOMA
        doma = DOMA

[kadmin]
        # NOTE(review): kdc is not a setting normally found in [kadmin];
        # presumably ignored here - confirm against the Heimdal version in use.
        kdc = 192.168.0.11:88

        # for Win2K compatibility
        # When true, this is the same as
        # default_keys = des3:pw-salt v4
        # and is only left for backwards compatibility.
        #
        # Both overrides below are disabled, so the key types and salts of
        # newly created principals presumably follow the built-in defaults.
        # NOTE(review): afs3 appears to select an AFS-style salt - confirm
        # before enabling it for the afs/ service principal.
        # use_v4_salt=yes
        # default_keys = afs3


[appdefaults]
        # Defaults for Kerberos-aware applications; several keys repeat the
        # values given in [libdefaults].
        ticket_lifetime = 7 days
        # No client-side limit on renewal; what is actually granted is still
        # bounded by KDC policy.
        renew_lifetime = unlimited
        # Forwardable and proxiable tickets can be reused from other hosts, so
        # they are worth enabling only where delegation is actually needed.
        forwardable = true
        proxiable = true
        encrypt = true
        forward = true
        # Settings read by the AFS token library.
        libkafs = {
                # NOTE(review): presumably makes libkafs build the AFS token
                # locally instead of contacting a krb524 service - confirm
                # against the Heimdal version in use.
                afs-use-524 = local
        }

[logging]
        # The KDC, the admin server and the default channel all log to syslog.
        kdc = SYSLOG
        admin_server = SYSLOG
        default = SYSLOG
