On 9/25/2015 9:20 AM, James F. Green wrote: > Does anyone have OpenAFS working on Mac OS X 10.10.5? I've been trying > to get it to work for a while with no success. > > I have the YFS-packaged OpenAFS client installed > (OpenAFS-1.6.14-Yosemite.dmg). Here is what I get with aklog: > > jglt:~ jfgreen$ aklog -c msu.edu -k MSU.EDU > <http://MSU.EDU> -d > Authenticating to cell msu.edu (server afsdb0.cl.msu.edu). > We were told to authenticate to realm MSU.EDU. > Getting tickets: afs/msu....@msu.edu > Getting tickets: a...@msu.edu > Kerberos error code returned by get_cred : -1765328370 > aklog: Couldn't get msu.edu AFS tickets: > aklog: unknown RPC error (-1765328370) while getting AFS tickets >
The error is from the KDC not from the client. -1765328370 = KDC has no support for encryption type You could use wireshark or tcpdump to determine if the error is being returned by the KDC. If so, you should speak to the administrator of your Kerberos realm. The msu.edu cell is behind a firewall so I am unable to check the version of the servers which would provide an indication as to whether or not the servers might be configured to support AES-256-HMAC-SHA1 AFS Keys. The above error is returned from the KDC when the KDC has been configured to refuse requests for a particular encryption type. DES is particularly weak and long term service principals configured to use DES keys can have those keys be cracked in under 24 hours with publicly available tools for small amounts of money. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
