[OpenAFS] OpenAFS authentication against MIT Kerberos V, part 2

Fabian Aichele faichele@primusnetz.de
Fri, 8 Mar 2002 00:48:35 +0100


Thanks for your swift response! Your hint with keeping the afs key in a
separate keytab file obviously did the trick. I can now successfully
authenticate as AFS admin against my Kerberos server.
Again, thank you for your assistance. At last, I got it to work!

Fabian Aichele
>>On Thu, Mar 07, 2002 at 10:15:53PM +0100, Fabian Aichele wrote:
>> 1. Create Kerberos principal afs@MY.AFS.CELL.NAME with kadmin, put a v4
>> (Did I get that right?) into my Kerberos keytab and check for its kvno to
>> match up with asetkey:
>> 	>addprinc afs
>> 	...
>> 	>ktadd -e des-cbc-crc:v4 afs
>> 	...
>> 	>getprinc afs
>> 	...
>> 	Key: vno 2 DES cbc mode with CRC-32, no salt
>> 	>q
>> 2. use asetkey to put the afs key into /usr/afs/etc/KeyFile
>> 	>asetkey add 2 /etc/krb5.keytab afs
>> 	>asetkey list
>> 	kvno 5: key is: ...
>> 	All done.
>Your kvno in kadmin is 2, yet the one in asetkey is 5?
>To make things easier and to ensure that there is no weirdness, export the
>afs key into a temporary keytab since it does not need to be in the

>Let's see the complete output from asetkey, and does "tokens" show an afs
>token after aklog?

>Jason Garman / jgarman@wedgie.org
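
The kvno comparison raised in the quoted reply, as an added shell example that is not part of the original thread: it reads saved `klist -k` and `asetkey list` output and reports whether the keytab's afs kvno is present in the KeyFile. The sample listings, the `/tmp/afs.keytab` path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Compare the afs kvno in a keytab listing with the kvnos in the AFS KeyFile.
# Both listings are passed as text, so the check also works on saved output.

# kvnos for principal $1 in `klist -k` output on stdin (columns: KVNO Principal)
keytab_kvnos() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && index($2, p "@") == 1 { print $1 }' | sort -nu
}

# kvnos in `asetkey list` output on stdin (lines like "kvno    2: key is: ...")
keyfile_kvnos() {
    sed -n 's/^kvno *\([0-9][0-9]*\):.*/\1/p' | sort -nu
}

# kvno_check KEYTAB_LISTING KEYFILE_LISTING PRINCIPAL
# Returns 0 when the highest keytab kvno is present in the KeyFile, else 1.
kvno_check() {
    kt=$(printf '%s\n' "$1" | keytab_kvnos "$3" | tail -n 1)
    [ -n "$kt" ] || { echo "no $3 entry in keytab listing"; return 1; }
    if printf '%s\n' "$2" | keyfile_kvnos | grep -qx "$kt"; then
        echo "match: kvno $kt"
    else
        kf=$(printf '%s\n' "$2" | keyfile_kvnos | paste -s -d, -)
        echo "mismatch: keytab kvno $kt, KeyFile kvno(s) ${kf:-none}"
        return 1
    fi
}

# Constructed sample listings; key bytes are replaced by a placeholder.
SAMPLE_KEYTAB='Keytab name: FILE:/tmp/afs.keytab
KVNO Principal
---- ----------------------------------------
   2 afs@MY.AFS.CELL.NAME'
SAMPLE_KEYFILE_BAD='kvno    5: key is: <placeholder>
All done.'
SAMPLE_KEYFILE_OK='kvno    2: key is: <placeholder>
All done.'

# The mismatch from the thread (kadmin kvno 2, KeyFile kvno 5), then the fixed state.
kvno_check "$SAMPLE_KEYTAB" "$SAMPLE_KEYFILE_BAD" afs || true
kvno_check "$SAMPLE_KEYTAB" "$SAMPLE_KEYFILE_OK" afs
```

On a live server the two listings would come from `klist -k` on the exported keytab and from `asetkey list`.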

