Re: [OpenAFS] krb5 trust, rxkad error=19270408... I'm missing something

2010-03-04 Thread Jeffrey Altman
On 3/4/2010 10:56 PM, Stephen Joyce wrote: > On Thu, 4 Mar 2010, Jeffrey Altman wrote: > >> [C:\]translate_et 19270408 >> 19270408 = ticket contained unknown key version number >> >> What does kvno report when using the regular user? >> Is it still three? My guess is not. > > After a kinit on a

Re: [OpenAFS] krb5 trust, rxkad error=19270408... I'm missing something

2010-03-04 Thread Stephen Joyce
On Thu, 4 Mar 2010, Jeffrey Altman wrote: [C:\]translate_et 19270408 19270408 = ticket contained unknown key version number What does kvno report when using the regular user? Is it still three? My guess is not. After a kinit on a client (to a regular user account in AD), the kvno of afs/cel

Re: [OpenAFS] krb5 trust, rxkad error=19270408... I'm missing something

2010-03-04 Thread Jeffrey Altman
[C:\]translate_et 19270408 19270408 = ticket contained unknown key version number What does kvno report when using the regular user? Is it still three? My guess is not. You should not be using the -kvno option when creating a keytab with ktpass. Doing so places a kvno into the keytab but does not set

Re: [OpenAFS] Win 2008R2 DES eanble?

2010-03-04 Thread Jeffrey Altman
On 3/4/2010 7:44 PM, Stephen Joyce wrote: > - Add a REG_DWORD (32 bit) named KdcUseRequestedEtypesForTickets with > value 1 at HKLM\SYSTEM\CurrentControlSet\services\kdc. Without this, the > DC won't talk DES to clients, even if you do extract a DES-only keytab > (you'll see "KDC has no support fo

Re: [OpenAFS] afs.GCPAGs in current releases under Linux (RHEL4/5)

2010-03-04 Thread Derrick Brashear
On Thu, Mar 4, 2010 at 8:35 PM, wrote: > On Thu, 4 Mar 2010, Derrick Brashear wrote: > >> On Thu, Mar 4, 2010 at 8:20 PM,   wrote: >>> >>> I've found that if you run a program to generate tokens and pags >>> frequently >>> (about once per second), that fairly soon, the cpu system time on the >> >

Re: [OpenAFS] afs.GCPAGs in current releases under Linux (RHEL4/5)

2010-03-04 Thread Eric . Hagberg
On Thu, 4 Mar 2010, Derrick Brashear wrote: On Thu, Mar 4, 2010 at 8:20 PM, wrote: I've found that if you run a program to generate tokens and pags frequently (about once per second), that fairly soon, the cpu system time on the i try to generate pags less often than that. Me too, but you

Re: [OpenAFS] afs.GCPAGs in current releases under Linux (RHEL4/5)

2010-03-04 Thread Derrick Brashear
On Thu, Mar 4, 2010 at 8:20 PM, wrote: > I've found that if you run a program to generate tokens and pags frequently > (about once per second), that fairly soon, the cpu system time on the i try to generate pags less often than that. > Maybe this isn't the best fix, but it definitely points out

[OpenAFS] afs.GCPAGs in current releases under Linux (RHEL4/5)

2010-03-04 Thread Eric . Hagberg
I've found that if you run a program to generate tokens and pags frequently (about once per second), that fairly soon, the cpu system time on the machine will begin to swallow performance, though it takes a little while to observe it... but if you do that long enough, the machine will eventuall

Re: [OpenAFS] Win 2008R2 DES eanble?

2010-03-04 Thread Stephen Joyce
Lars: I did get past the issuing of DES tickets. I have other problems (see my recent message to the list), but I did enable DES tickets on 2008R2. I did the following (not all may be required). - In the DC's Local Security Policy, I enabled all ciphers by checking all 6 boxes at Security Se

[OpenAFS] krb5 trust, rxkad error=19270408... I'm missing something

2010-03-04 Thread Stephen Joyce
I'm trying to test trusting a Windows 2008R2 krb5 realm and am obviously missing a step somewhere. I get tokens that don't work. I've been following the steps at http://www.dementia.org/twiki/bin/view/AFSLore/AdminFAQ#3_51_Can_I_authenticate_to_my_af I've scanned the list archives and have rea

[OpenAFS] Document segment on NFS to AFS server

2010-03-04 Thread Booker Bense
In the docs, it claims that if you have a token, the afs2nfs program can use it to allow you afs privileged access via NFS. This implies a hacked nfs client, does that code still exist and is it part of the current OpenAFS? Should the whole section just be deleted? _ Booker C. Bense _

[OpenAFS] Re: Sysname info without OpenAFS built yet?

2010-03-04 Thread Andrew Deason
On Thu, 04 Mar 2010 13:21:39 -0500 Jeff Blaine wrote: > Just trying to avoid duplicated effort. Does anyone have > a script that uses native OS tools to spit out a solid > guess at the sysname for the box? > > I need this for an automated build + install script > so that I know what directory '

[OpenAFS] Sysname info without OpenAFS built yet?

2010-03-04 Thread Jeff Blaine
Just trying to avoid duplicated effort. Does anyone have a script that uses native OS tools to spit out a solid guess at the sysname for the box? I need this for an automated build + install script so that I know what directory 'make dest' has built into. If nobody has written one, I will. Oth

[OpenAFS] Re: vldb_check -servers cleanup and empty server entry messages

2010-03-04 Thread Andrew Deason
On Thu, 25 Feb 2010 16:08:46 -0500 "John W. Sopko Jr." wrote: > % vldb_check /usr/afs/db/vldb.DB0 -servers |& head -40 > VLDB_CHECK_WARNING: Ubik header size is 0 (should be 64) > MH block 0, index 1: 152.2.128.4 > MH block 0, index 3: 152.2.128.3 > MH block 0, index 4: 152.2.129.145 > MH block 0

[OpenAFS] Win 2008R2 DES eanble?

2010-03-04 Thread Lars Schimmer
Hi! Sorry for a bit OT question: I want to extend our AD with a Windows 2008R2 server with KDC enabled. Now I know I need to enable DES enctype again to be able to use OpenAFS with such a KDC, but I am a bit lost where to enable this. Found a few poin