[OpenAFS-devel] I think I'm closer, but....
Adam Thornton
adam@fsf.net
Thu, 10 Jan 2002 12:17:36 -0600
Now I've created my afs@REALM principal, with a v4 des-cbc-crc key.
Over on the AFS bosserver machine I've run kadmin, authenticated as
admin/admin and done a ktadd afs.
Then I exit kadmin and run asetkey on the new /etc/krb5.keytab to,
presumably, extract the key.
Then I should be able to do a kinit -4 afs@REALM, authenticate, and then
run aklog to get a token, right?
But when I do kinit, I get kinit(v4): Password incorrect. I know it's
the same password I gave when I created the key (since it's just "afs"
until I get this right).
Over on the KDC I get a log message: PROCESS_V4: Initial ticket request
Host: 109.90.2.4 User: "afs" ""
Plain old kinit (v5) gives me a "Password incorrect while getting
initial credentials" on the bosserver, and
AS_REQ 10.90.2.4(88): ISSUE authtime 1010686286, afs@REALM for
krbtgt/REALM@REALM
(REALM changed to obscure customer's identity).
I feel like I'm missing something really obvious. It is very much as if
my keys are not really getting translated appropriately.
I'm going to need to do that successful kinit before I can set up any of
the rest of AFS, so that I have someplace to authenticate against,
right?
I'm very confused.
Adam