[OpenAFS] [1.3.86] heimdal/krb5 auth for BOS requests fails during initial cell setup [SOLVED]

scorch scorch@muse.net.nz
Wed, 17 Aug 2005 01:31:54 +0200


hi Tracy,

thanks for your help and also the instructions. Not only am I now a 
minor deity at cleanly (re)installing OpenAFS & Heimdal on OpenBSD :-), 
but the config now works seamlessly. Once I got the auth working, the 
fileserver comes up just like I remember it under TransArc :-)

Seems I was stuck on 4 things:
    clean kerberosV setup -- had multiple kvno in the way I think for AFSKEYFILE & wasn't sure what tokens to
    missing CellServDB etc across /usr/vice/etc/* & /etc/afs/* -- I symlinked these to usr/afs/etc/*
    trying to do the troubleshooting with arla cache manager disabled
    possible build problems -- ended up with this ./configure:

./configure --enable-transarc-paths --enable-fast-restart \
    --enable-bitmap-later --quiet --enable-debug --enable-bos-new-config \
    --enable-supergroups --enable-namei-fileserver --disable-kernel-module

In addition, I have enough info to put a decent wiki entry together, 
along with troubleshooting steps --  but that can wait for another 
morning :-)


cheers, scorch
--
out of the frying pan and into the fire


wavey@mercury:/home/wavey $ kinit wavey/afs
wavey/afs@MUSE.NET.NZ's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week

wavey@mercury:/home/wavey $ klist -Tv
Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: wavey/afs@MUSE.NET.NZ
    Cache version: 4

Server: krbtgt/MUSE.NET.NZ@MUSE.NET.NZ
Ticket etype: des3-cbc-sha1, kvno 1
Auth time:  Aug 17 00:50:09 2005
End time:   Aug 17 02:30:09 2005
Renew till: Aug 24 00:50:09 2005
Ticket flags: renewable, initial
Addresses: IPv4:10.0.0.9, IPv4:10.0.0.20

Server: afs/muse.net.nz@MUSE.NET.NZ
Ticket etype: des-cbc-crc, kvno 1
Auth time:  Aug 17 00:50:09 2005
End time:   Aug 17 02:30:09 2005
Ticket flags: transited-policy-checked
Addresses: IPv4:10.0.0.9, IPv4:10.0.0.20


Aug 17 00:50:09  Aug 17 02:30:08  User's (AFS ID 1000) tokens for muse.net.nz (256)

wavey@mercury:/home/wavey $ tokens

Tokens held by the Cache Manager:

User's (AFS ID 1000) tokens for afs@muse.net.nz [Expires Aug 17 02:32]
   --End of list--

wavey@mercury:/home/wavey $ /usr/afs/bin/bos restart mercury.muse.net.nz -all -cell muse.net.nz
wavey@mercury:/home/wavey $ cp ~/.zshrc /afs/muse.net.nz
wavey@mercury:/home/wavey $ ll /afs/muse.net.nz
total 1.5k
-rw-r--r--    1 daemon   wheel        1.6k Aug 17 01:12 .zshrc
wavey@mercury:/home/wavey $

....

wavey@scorch:/home/wavey $ tokens

Tokens held by the Cache Manager:

User's (AFS ID 1000) tokens for afs@muse.net.nz [Expires Aug 17 02:36]
   --End of list--
wavey@scorch:/home/wavey $ ll /afs/muse.net.nz
total 1.5k
-rw-r--r--    1 daemon   wheel        1.6k Aug 17 01:12 .zshrc
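
Added example (not part of the original message, and not OpenAFS or Heimdal code): a shell check for the "multiple kvno" problem described above. It reads Heimdal `klist -v` text and compares the kvno of the afs service ticket with the key version expected in the server KeyFile. The function names are hypothetical, the expected kvno is supplied by the operator as an argument, and the sample input is constructed from the klist output shown in this message.

```shell
#!/bin/sh
# Added example: not from the original message or from OpenAFS/Heimdal.

# Constructed sample: the two ticket blocks from the klist -Tv output above.
sample_klist() {
cat <<'EOF'
Server: krbtgt/MUSE.NET.NZ@MUSE.NET.NZ
Ticket etype: des3-cbc-sha1, kvno 1
Auth time:  Aug 17 00:50:09 2005

Server: afs/muse.net.nz@MUSE.NET.NZ
Ticket etype: des-cbc-crc, kvno 1
Auth time:  Aug 17 00:50:09 2005
EOF
}

# Read `klist -v` text on stdin; print "<server> <etype> <kvno>" per ticket.
ticket_summary() {
    awk '
        /^Server: /       { server = $2 }
        /^Ticket etype: / {
            etype = $3; sub(/,$/, "", etype)
            kvno = "-"                      # some tickets are listed without a kvno
            for (i = 4; i < NF; i++) if ($i == "kvno") kvno = $(i + 1)
            print server, etype, kvno
        }'
}

# check_afs_kvno <expected-kvno> (assumed: the key version in the KeyFile).
# Exit 0 on match, 1 on mismatch, 2 if the cache holds no afs ticket.
check_afs_kvno() {
    ticket_summary | awk -v want="$1" '
        $1 ~ "^afs[/@]" {
            found = 1
            if ($3 == want) {
                printf "OK       %s kvno %s (%s)\n", $1, $3, $2
            } else {
                printf "MISMATCH %s kvno %s, expected %s\n", $1, $3, want
                bad = 1
            }
        }
        END {
            if (!found) { print "NO afs service ticket in cache"; exit 2 }
            exit bad + 0
        }'
}

sample_klist | check_afs_kvno 1    # live use: klist -v | check_afs_kvno <kvno>
```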