afs-krb5 integration

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Oct 17 13:26:36 EDT 2002


>I have strange problems in integrating openafs into krb5.
>I use openafs 1.2.7 and kerberos 1.2.6 for the slave-server and 1.2.4 for
>the kerberos master/admin server.
>I checked everything with these key-versions (thanks to Derek on the openafs
>mailing list), but it did not help.
>I always get "ticket contained unknown key version number"

At the end of the day, there is a ticket in a Keyfile that does not agree
with the service ticket stored in your KDC.  This is the ONLY possible
cause of this error (at least, the only one I've ever seen).

Possible causes of this:

- You're not updating the KeyFile on ALL of your AFS servers (yes, you
  have to do them ALL, and the best way to do that is with upclient,
  because it needs to be the same one everywhere).

- You entered in the wrong kvno for asetkey.

- You have an old cached service ticket on your client.

There may be more problems, but these are the only ones that I've seen.
I know that some people were unable to make it work, but I am convinced
that they still had one of these problems and they just didn't realize it.

--Ken
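
An added example, not part of the original message: a check for the first two causes listed above, comparing the kvno the KDC reports for the AFS principal (output of MIT `kvno`) with the keys each server's KeyFile holds (output of `bos listkeys`). The principal, host names, checksums and the `check` helper are constructed for illustration.

```python
import re

KEY_RE = re.compile(r"^key (\d+) has cksum (\d+)$")

def parse_listkeys(text):
    """Map kvno -> checksum from one server's `bos listkeys` output."""
    lines = map(str.strip, text.splitlines())
    return {int(m.group(1)): int(m.group(2))
            for m in map(KEY_RE.match, lines) if m}

def check(kvno_output, listkeys_by_server):
    """Return findings; an empty list means every KeyFile agrees with the KDC kvno."""
    m = re.search(r"kvno = (\d+)", kvno_output)
    if not m:
        raise ValueError("no kvno found in KDC output")
    kdc_kvno = int(m.group(1))
    findings, cksums = [], {}
    for server in sorted(listkeys_by_server):
        keys = parse_listkeys(listkeys_by_server[server])
        if kdc_kvno in keys:
            cksums[server] = keys[kdc_kvno]
        else:
            # KeyFile not updated here, or the key was stored under the wrong kvno
            findings.append(f"{server}: no key with kvno {kdc_kvno}, "
                            f"KeyFile has {sorted(keys)}")
    if len(set(cksums.values())) > 1:
        # Same kvno but different key material: the KeyFiles are not identical
        findings.append(f"kvno {kdc_kvno}: checksum differs between servers {cksums}")
    return findings

# Constructed sample data (not from a real cell)
KDC = "afs/example.org@EXAMPLE.ORG: kvno = 4"
TAIL = "Keys last changed on Thu Oct 17 09:00:00 2002.\nAll done.\n"
SERVERS = {
    "afs1": "key 3 has cksum 1111111111\nkey 4 has cksum 2222222222\n" + TAIL,
    "afs2": "key 3 has cksum 1111111111\n" + TAIL,   # never got the new key
    "afs3": "key 4 has cksum 3333333333\n" + TAIL,   # kvno 4, different key
}
FINDINGS = check(KDC, SERVERS)

if __name__ == "__main__":
    print("\n".join(FINDINGS) or "all KeyFiles match the KDC kvno")
```

Equal checksums only show that the servers hold the same key under that kvno; they do not prove the key matches the one in the KDC. The third cause, a cached service ticket on the client, is outside what this check covers.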


