[OpenAFS] AFS + Kerberos
Maurizio Santini
msantini@pictage.com.ar
Wed, 19 Jan 2005 09:52:19 -0300
Does anyone know how to circumnavigate this kind of egg/chicken problem?
I'm trying to make the kvno for a testuser match the entry in
/etc/krb5.keytab and the KeyFile but every time I do so using "ktadd" I
have to change the password for the user. As a consequence the kvno
gets increased by one and I have the same problem again.
I'm doing this because I get the error "security object was passed a bad
ticket" and I think it's because there's a key mismatch (please correct
me if I'm wrong).
aklog seems to work but If a try to create a file a get 'Permission
denied'. The "tokens" command says "User's (AFS ID 828) tokens for
afs@test.pictage.com.ar" which is correct.
------klist output------
Ticket cache: FILE:/tmp/krb5cc_608
Default principal: testuser@TEST.PICTAGE.COM.AR
Valid starting Expires Service principal
01/18/05 17:42:56 01/19/05 03:42:54
krbtgt/TEST.PICTAGE.COM.AR@TEST.PICTAGE.COM.AR
01/18/05 17:43:10 01/19/05 03:42:54 testuser@TEST.PICTAGE.COM.AR
01/18/05 18:06:44 01/19/05 03:42:54
afs/test.pictage.com.ar@TEST.PICTAGE.COM.AR
------------------------
I'm using KerberosV-1.3.5, OpenAFS 1.2.11 and RHL 7.3
Regards,
Maurizio Santini
System administrator
TenRoses