[OpenAFS] Re: SuSe 9.0 &Heimdal.6
ted creedon
tcreedon@easystreet.com
Mon, 29 Dec 2003 15:34:52 -0800
Using kadmin -l
Ank -r afs/tedcell@TED-DORIS.FAM
Del_enctype afs/tedcell@TED-DORIS.FAM des3-cbc-sha1
List -l afs/tedcell@TED-DORIS.FAM gives kvno of 2
Ext_keytab afs/tedcell@TED-DORIS.FAM
Ext_keytab -k AFSFILE:/etc/openafs/server/KeyFile =
afs/tedcell@TED-DORIS.FAM
Quit
When I run=20
Kinit --use-keytab --keytab=3DAFS:/etc/openafs/server/KeyFile
afs/tedcell@TED-DORIS.FAM
There is an error:
Kinit:krb5_get_init_creds: failed to find afs/tedcell@TED-DORIS.FAM in
keytab /etc/openafs/server/KeyFile
ted
-----Original Message-----
From: openafs-info-admin@openafs.org =
[mailto:openafs-info-admin@openafs.org]
On Behalf Of Jeffrey Hutzelman
Sent: Monday, December 29, 2003 10:55 AM
To: openafs-info@openafs.org
Subject: RE: [OpenAFS] Re: SuSe 9.0 &Heimdal.6
On Wednesday, December 24, 2003 00:57:10 -0500 Derrick J Brashear=20
<shadow@dementia.org> wrote:
> On Tue, 23 Dec 2003, ted creedon wrote:
>
>> How does one verify the consistency of the AFS tokens/tickets vs =
KRB5?
>> Can one delete keys from the keyfiles and start anew?
>>
>
> The pts info is still entirely out of scope for what you're asking.
> You can delete the keyfiles and start over. The key and the kvno must
> match in the KeyFile and the KDC database. You should have no des3 =
key.
>
> It should be possible to write a tool to take a KeyFile and get a krb5
> ticket with the key. Maybe someday I'll get some free time.
(assuming Heimdal...)
kinit --use-keytab --keytab=3DAFS:/usr/afs/etc/KeyFile =
afs/cell.name@REALM
Due to limitations in the 'AFS' keytab backend, this works only if your =
AFS=20
cell is keyed as afs/cell.name@REALM rather than afs@REALM, as is common =
in=20
cells that have been around for a while. Also, it is necessary for=20
/usr/afs/etc/ThisCell to exist, even if you did not compile OpenAFS with =
--enable-transarc-paths.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info