[OpenAFS] OpenAFS authentication against MIT Kerberos V, part 2

Fabian Aichele faichele@primusnetz.de
Thu, 7 Mar 2002 22:15:53 +0100


Two days ago I already posted under the same topic, and thanks to your kind
help I got closer to a working AFS/Kerberos V system than I ever was before.
My setup steps according to the KerberosAFSInstall document at

1. Create Kerberos principal afs@MY.AFS.CELL.NAME with kadmin, put a v4 key
(Did I get that right?) into my Kerberos keytab and check for its kvno to
match up with asetkey:
	>addprinc afs
	>ktadd -e des-cbc-crc:v4 afs
	>getprinc afs
	Key: vno 2 DES cbc mode with CRC-32, no salt
2. use asetkey to put the afs key into /usr/afs/etc/KeyFile
	>asetkey add 2 /etc/krb5.keytab afs
	>asetkey list
	kvno 5: key is: ...
	All done.

3. Get kerberos tickets (I am [still] root), then run aklog
	Ticket cache: FILE:...
	Kerberos 4 ticket cache: ...
	klist: You have no tickets cached
	Completes without problem.

4. Try if it works:
	>cd /afs
	/afs: Permission denied
	>aladar kernel: afs: Tokens for user of AFS id 0 for cell
linux.hilarenhaus.hilaritas.de are discarded (rxkad error=19270408)
	>translate_et 19270408
	ticket contained unknown key version number

AFS commands like bos listkeys -localauth work, so the KeyFile seems to be
OK. But why does AFS refuse to accept my AFS Kerberos V ticket? What part am
I missing (this time)?


Fabian Aichele