[OpenAFS] OpenAFS authentication against MIT Kerberos V, part 2
Fabian Aichele
faichele@primusnetz.de
Thu, 7 Mar 2002 22:15:53 +0100
Hello!
Two days ago I already posted under the same topic, and thanks to your kind
help I got closer to a working AFS/Kerberos V system than I ever was before.
My setup steps according to the KerberosAFSInstall document at
grand.central.org:
1. Create Kerberos principal afs@MY.AFS.CELL.NAME with kadmin, put a v4 key
(did I get that right?) into my Kerberos keytab, and check that its kvno
matches up with asetkey:
>addprinc afs
...
>ktadd -e des-cbc-crc:v4 afs
...
>getprinc afs
...
Key: vno 2 DES cbc mode with CRC-32, no salt
>q
2. Use asetkey to put the afs key into /usr/afs/etc/KeyFile
>asetkey add 2 /etc/krb5.keytab afs
>asetkey list
kvno 5: key is: ...
All done.
3. Get Kerberos tickets (I am [still] root), then run aklog
>kinit
...
>klist
Ticket cache: FILE:...
Default principal: root@LINUX.HILARENHAUS.HILARITAS.DE
...
Kerberos 4 ticket cache: ...
klist: You have no tickets cached
>aklog
Completes without problem.
4. Test whether it works:
>cd /afs
/afs: Permission denied
Syslog:
>aladar kernel: afs: Tokens for user of AFS id 0 for cell
linux.hilarenhaus.hilaritas.de are discarded (rxkad error=19270408)
>translate_et 19270408
ticket contained unknown key version number
AFS commands like bos listkeys -localauth work, so the KeyFile seems to be
OK. But why does AFS refuse to accept my AFS Kerberos V ticket? What part am
I missing (this time)?
Regards,
Fabian Aichele
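
The kvno comparison that step 1 of the message describes, as an added example that is not part of the original post: it parses `getprinc` and `asetkey list` output in the formats quoted above and reports any KDC key version number that has no KeyFile entry. The function names, the EXAMPLE.ORG realm and the sample text (which reuses the version numbers 2 and 5 shown in the message) are constructed for illustration.

```shell
# Added example: compare key version numbers (kvno) reported by the KDC
# with those stored in the AFS KeyFile. All sample text is constructed.

# Extract kvnos from `getprinc` output lines such as
#   "Key: vno 2 DES cbc mode with CRC-32, no salt"
kdc_kvnos() {
    sed -n 's/^Key: vno \([0-9][0-9]*\).*/\1/p' | sort -un
}

# Extract kvnos from `asetkey list` lines such as "kvno 5: key is: ..."
keyfile_kvnos() {
    sed -n 's/^kvno *\([0-9][0-9]*\):.*/\1/p' | sort -un
}

# Print each KDC kvno that has no matching KeyFile entry.
# $1 = kvnos from the KDC, $2 = kvnos from the KeyFile (newline separated)
missing_kvnos() {
    for k in $1; do
        found=no
        for f in $2; do
            if [ "$k" = "$f" ]; then found=yes; fi
        done
        [ "$found" = yes ] || echo "$k"
    done
}

# Constructed sample output; key material is replaced by a placeholder.
SAMPLE_GETPRINC='Principal: afs@EXAMPLE.ORG
Number of keys: 1
Key: vno 2 DES cbc mode with CRC-32, no salt'

SAMPLE_ASETKEY='kvno 5: key is: <placeholder>
All done.'

# Returns non-zero when a KDC kvno is absent from the KeyFile.
check_sample() {
    kdc=$(printf '%s\n' "$SAMPLE_GETPRINC" | kdc_kvnos)
    kf=$(printf '%s\n' "$SAMPLE_ASETKEY" | keyfile_kvnos)
    missing=$(missing_kvnos "$kdc" "$kf")
    if [ -n "$missing" ]; then
        echo "KeyFile has no entry for KDC kvno: $missing"
        return 1
    fi
    echo "every KDC kvno is present in the KeyFile"
}

check_sample || true
```

On a live system the two parsers would read from the real `getprinc afs` and `asetkey list` output instead of the sample strings.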