So If my problem is key mismatch how do I solve it? I mean what do I need to do for the kvno number match the other entries?
Thanks, Maurizio On Wed, 2005-01-19 at 10:08, sophana wrote: > If you want that ktadd duplicates a key into a keytab without scrambling > it, it is not possible. > This is a security feature of kerberos. > > ktadd always scramble the key before copying it into the keytab file. > > I had the same problem, and there is no (easy) solution. > > Hope this helps... > > Maurizio Santini wrote: > > >Does anyone know how to circumnavigate this kind of egg/chicken problem? > > > >I'm trying to make the kvno for a testuser match the entry in > >/etc/krb5.keytab and the KeyFile but every time I do so using "ktadd" I > >have to change the password for the user. As a consequence the kvno > >gets increased by one and I have the same problem again. > > > >I'm doing this because I get the error "security object was passed a bad > >ticket" and I think it's because there's a key mismatch (please correct > >me if I'm wrong). > > > >aklog seems to work but If a try to create a file a get 'Permission > >denied'. The "tokens" command says "User's (AFS ID 828) tokens for > >[EMAIL PROTECTED]" which is correct. > > > >------klist output------ > >Ticket cache: FILE:/tmp/krb5cc_608 > >Default principal: [EMAIL PROTECTED] > > > >Valid starting Expires Service principal > >01/18/05 17:42:56 01/19/05 03:42:54 > >krbtgt/[EMAIL PROTECTED] > >01/18/05 17:43:10 01/19/05 03:42:54 [EMAIL PROTECTED] > >01/18/05 18:06:44 01/19/05 03:42:54 > >afs/[EMAIL PROTECTED] > >------------------------ > > > >I'm using KerberosV-1.3.5, OpenAFS 1.2.11 and RHL 7.3 > > > >Regards, > > > >Maurizio Santini > >System administrator > >TenRoses > > > >_______________________________________________ > >OpenAFS-info mailing list > >OpenAFS-info@openafs.org > >https://lists.openafs.org/mailman/listinfo/openafs-info > > > > > > _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info