On 5/10/2012 5:24 PM, Andrew Deason wrote:
On Thu, 10 May 2012 17:17:09 -0500
Andrew Deason<adea...@sinenomine.net> wrote:
This might be a problem:
[root@afs-dev-03 ~]# kinit -kt /var/tmp/afskerbuser.keytab
afs/pitt....@univ.pitt.edu
kinit: KDC has no support for encryption type while getting initial
credentials
That's a little confusing, since the KDC granted you a service ticket
with a DES enctype earlier:
Er, no, this is RHEL6, with MIT krb5 1.9 iirc, which disables DES by
default. If the cause of that is what I think it is, that's a really
confusing error message, since it's not the KDC that's refusing the
request. Add the following:
allow_weak_crypto = true
to the [libdefaults] section of /etc/krb5.conf, and try that again.
It could also be 2008 has DES turned off, and may not give you a TGT with DES.
I wireshark trace of the KRB5 packets would reveal what is actually happening.
--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info