It should have it. The exact same krb.conf file except for the allow_weak_crypto line worked fine before when I was using MIT kerberos.
I will check with the admin, though. Thanks -- Dave Goldberg david.goldbe...@verizon.net Ken Dreyer <ktdre...@ktdreyer.com> wrote: On Wed, Feb 22, 2012 at 6:44 AM, David Goldberg <david.goldbe...@verizon.net> wrote: > $ aklog -d > Authenticating to cell sub.my.org. > Getting v5 tickets: afs/sub.my....@sub.my.org > Getting v5 tickets: afs/sub.my....@my.org > Getting v5 tickets: a...@my.org > Kerberos error code returned by get_cred: -1765328377 > aklog.exe: Couldn't get sub.my.org AFS tickets: UNKNOWN_SERVER Looks like aklog is asking for the Kerberos service principal "afs/sub.my....@sub.my.org" (and variations), but the KDC is saying that it doesn't know that principal. Are you sure it is present in your KDC's database? Is DES enabled on this principal and on the KDC? - Ken
