Description of problem: I can't extract an afs3-salted service principal so that "asetkey" works. Version-Release number of selected component: ipa-client-1.1.0-2.fc9.x86_64 How reproducible: always Steps to Reproduce: 1. ipa-addservice afs 2. ipa-getkeytab -s kdc -p afs -e des-cbc-crc:afs3 -k /etc/krb5.keytab.afs Actual results: Warning unrecognized encryption type: [des-cbc-crc:afs3] Expected results: No warnings, then asetkey works. Additional info: using kadmin.local as described in <http://www.dementia.org/twiki/bin/view/AFSLore/FedoraAFSInstall> appears to work (at least asetkey now works), but the service ticket is placed under cn=kerberos instead of cn=services,cn=accounts (apparently this is Bad!). I am no expert in Kerberos or OpenAFS, so it's possible I'm trying to do something slightly stupid.
Matt I remember we discussed this problem before you submitted a bug. Can you please try with just -e des-cbc-crc ? What errors do you get if you use this form ? It would be nice to have krb5kdc.log if openAFS fails to obtain a tgt using a keytab generated this way.
Need to know if there was actually a fix for this -or should be resolved with a different status than MODIFIED? Thanks
jenny - its probably one of those bugs where we wanted to see if we can reproduce the original problem. If we can, then re-open the bug. else, mark it as closed/worksforme
Fix Verified: from install log: 2008-11-26 02:44:23,729 DEBUG [6/13]: adding default keytypes 2008-11-26 02:44:23,777 INFO add krbSupportedEncSaltTypes: aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 modifying entry "cn=BOS.REDHAT.COM,cn=kerberos,dc=bos,dc=redhat,dc=com" modify complete