On Thu, 25 Jul 2013 11:36:52 -0400 (EDT) Benjamin Kaduk <ka...@mit.edu> wrote:
> The short version is: a misconfigured KDC can cause problems for new > clients against old servers. If that's true, we need to say specifically what that misconfiguration is, so people can check for them and avoid it. I'm not aware of any way to create such a configuration (that behavior sounds instead like a KDC bug to me, without knowing any further details). In particular with AD, the AFS service account must already have the USE_DES_KEY_ONLY userAccountControl bit set in order for us to work at all with plain rxkad. Lars, do you know if the "Use Kerberos DES encryption types for this account" account option is checked for the AFS service account? Do you see any errors in wherever the Windows client normally logs errors? Can you access that path if you destroy your tokens? -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info