[OpenAFS] MIT Kerberos and openafs... aklog problems actually.

Derek Atkins warlord@MIT.EDU
21 Aug 2002 10:22:31 -0400


Daniel Swärd <excds@kth.se> writes:

> I get this weird problem when using aklog.
>
> The realm I've set up resides on server kerberos.haninge.kth.se and the
> afs-server is afs.haninge.kth.se, but when I try to use aklog on a
> client machine it says "We've deduced that we need to authenticate to
> realm HANINGE.KTH.SE" when the realm I've set up is SYD.KTH.SE.

Why did you choose that realm name?  What's the name of your AFS cell?
Kerberos (and AFS) try to deduce the realm name from the FQDN, so
*.haninge.kth.se -> HANINGE.KTH.SE.  Anything else requires manual
configuration to tell it otherwise.

> Another problem is that if I get tokens with
> aklog syd.kth.se -k SYD.KTH.SE

What do you get if you use "aklog -d ..."?

> and try to create a volume with "vos create" I get the following error
> message:
> --
> Could not fetch the list of partitions from the server
> rxk: security object was passed a bad ticket
> rxk: security object was passed a bad ticket

Sounds like the KeyFile doesn't match what's being put in the token.
You have krb524d running, right?

> Am I doing something fundamentally wrong when trying to get tokens?

Maybe, maybe not.

> 	/Daniel

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
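
An added illustration, not part of the original message: a simplified Python model of the FQDN-to-realm deduction described in the reply, and of how a [domain_realm] mapping in an MIT Kerberos krb5.conf overrides it. Treating krb5.conf as the "manual configuration" meant, and the sample file contents, are assumptions; the host and realm names are the ones in the thread.

```python
# Simplified model of host-to-realm lookup; not aklog's or libkrb5's own code.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = SYD.KTH.SE

[domain_realm]
    .haninge.kth.se = SYD.KTH.SE
    haninge.kth.se = SYD.KTH.SE
"""  # constructed sample; an assumption about what the fix would look like


def parse_domain_realm(conf_text):
    """Return the [domain_realm] section as {lowercase host/domain: realm}."""
    mapping, in_section = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("["):             # section header
            in_section = line.lower() == "[domain_realm]"
        elif in_section and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping


def realm_for_host(fqdn, mapping):
    """Exact host entry first, then each parent domain written with a leading
    dot; with no match, fall back to the upper-cased domain part of the FQDN
    (the deduction described in the reply)."""
    host = fqdn.rstrip(".").lower()
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in mapping:
            return mapping[suffix]
    return ".".join(labels[1:]).upper() if len(labels) > 1 else None


if __name__ == "__main__":
    configured = parse_domain_realm(SAMPLE_KRB5_CONF)
    for name in ("afs.haninge.kth.se", "kerberos.haninge.kth.se"):
        print(name, "unconfigured:", realm_for_host(name, {}),
              "configured:", realm_for_host(name, configured))
```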