[Joakim Fallsjo] Re: [OpenAFS] Re: SuSe 9.0 &Heimdal.6

Joakim Fallsjo fallsjo+lists@sanchin.se
Wed, 24 Dec 2003 11:02:32 +0100 

--=-=-=

Forgot to copy to the list...


--=-=-=
Content-Type: message/rfc822
Content-Disposition: inline

X-From-Line: nobody Wed Dec 24 10:48:24 2003
To: "ted creedon" <tcreedon@easystreet.com>
Subject: Re: [OpenAFS] Re: SuSe 9.0 &Heimdal.6
Content-Language: sv
X-Draft-From: ("nnml+private:mail.list.openafs.info" 2762)
References: <00b601c3c9de$56969e20$a701010a@teddoris.fam>
From: Joakim Fallsjo <fallsjo+lists@sanchin.se>
Date: Wed, 24 Dec 2003 10:48:22 +0100
In-Reply-To: <00b601c3c9de$56969e20$a701010a@teddoris.fam> (ted creedon's
 message of "Tue, 23 Dec 2003 21:25:26 -0800")
Message-ID: <regpteea6mx.fsf@sai.sanchin.se>
User-Agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Portable Code, linux)
Xref: sai.sanchin.se mail.list.openafs.info:2764
Lines: 52
MIME-Version: 1.0

"ted creedon" <tcreedon@easystreet.com> writes:

> How does one verify the consistency of the AFS tokens/tickets vs KRB5?
> Can one delete keys from the keyfiles and start anew?
>
> Does this help at all:
>
> shemya:/var/log/openafs # pts examine -nameorid afs -cell tedcell
> pts: User or group doesn't exist so couldn't look up id for afs
>
> shemya:/var/log/openafs # pts examine -nameorid admin -cell tedcell
> Name: admin, id: 502, owner: system:administrators, creator: anonymous,
> membership: 1, flags: S----, group quota: unlimited.
>
> Pts listentries shows
> anonymous...
> admin...
>
> Rebooted and bad ticket errors...sigh.
>
> Ted
> -----Original Message-----
> From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org]
> On Behalf Of Derrick J Brashear
> Sent: Tuesday, December 23, 2003 6:30 PM
> To: openafs-info@openafs.org
> Subject: RE: [OpenAFS] Re: SuSe 9.0 &Heimdal.6
>
> On Tue, 23 Dec 2003, ted creedon wrote:
>
>> Yes there is a syslog message:
>>
>> 'kernel: afs: Tokens for user of AFS id 0 for cell tedcell are
>> discarded'(rxkad error=19270407)
>
> suggests the afs key on the servers does not match that in the kdcs.
>
>> 	add -r afs@TED.FAM
>> 	del_enctype afs@TED.FAM des3-cbc-sha1
>> 	ext_keytab  afs@TED.FAM
>

Or take a look at heimdals infofile:

info heimdal Applications AFS

Read the section about "How to get a KeyFile"

/JockeF
-- 
"We are a major superpower with a third-world electrical grid"
				Gov. Bill Richardson of New Mexico

--=-=-=



-- 
"We are a major superpower with a third-world electrical grid"
				Gov. Bill Richardson of New Mexico

--=-=-=--