The simplest solution: use gssklog of D.E.Engert. The token then
comes from an AFS vlservers KeyFile
and not from an entry afs/**@*** in some krb5kdc. Just run some gssklogd
and switch from aklog to
gssklog in your profiles. Some times ago, even CERN.ch used it.
The original tarfile can still be found at
http://www.hep.man.ac.uk/u/masj/gssklog/
or try my updated version at
http://95.217.219.185/ContribAFS/Gssklog-0.11.tar
The binaries were done on ScientificLinux-6.10 with a newer KRB5 in
/opt/krb5/
and a static compilation of openafs (had to fix hcrypto and roken libs
there)
Best regards
R. Laatsch
=================================================================
On 2020-09-14 10:32, ProbaNet SRLS wrote:
Hello!
Recent releases of krb5 (> 1.18) no longer support single des
encryption (the "allow_weak_crypto = yes" option in krb5.conf client
side has no longer effect), so now we get this error with "aklog -d":
---
Kerberos error code returned by get_cred : -1765328370
aklog: Couldn't get XXXXX AFS tickets:
aklog: KDC has no support for encryption type while getting AFS tickets
---
How should we proceed?
Stefano
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
