[OpenAFS] aklog not detecting kerberos realm
Andrew Cobaugh
phalenor@gmail.com
Sun, 30 Dec 2007 22:55:26 -0500
Thanks for the quick reply.
On Dec 30, 2007 7:55 PM, Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> If your domain_realm mappings were specified in krb5.conf then Kerberos
> referrals would not be used for authentication.
That's the thing, my domain_realm mappings are set up right. In fact,
I'm using a krb5.conf that's identical to the one that works on
another machine.
> aklog is working. You are getting tokens. aklog simply does not know
> that the user is local to the cell and cannot create a foreign realm
> entry for it.
I ran aklog through truss. It's definitely reading in the correct
krb5.conf (I have MIT Kerberos built with sysconfdir=/etc/kerberos, so
I have a copy at /etc/krb5.conf and /etc/kerberos/krb5.conf just to be
safe)
Here is aklog -d sent through truss:
http://www.phalengard.com:8000/~phalenor/aklog-debug
This really doesn't make sense. It almost seems like it's ignoring the
domain_realm section. I'm stumped at this point.
--
Andy Cobaugh
phalenor@gmail.com