[OpenAFS] Newbie Question
Kevin Coffman
kwc@citi.umich.edu
Fri, 2 May 2008 13:08:27 -0400
On Fri, May 2, 2008 at 12:26 PM, Gary Bowling <gb@gbco.us> wrote:
>
> I found a bit more information that may point to my problem. In the
> /var/log/krb5kdc.log log file I get the following errors. But I'm not sure
> how to resolve.
>
>
> May 02 11:19:26 homepc.gbco.us krb5kdc[2192](info): AS_REQ (7 etypes {18 17
> 16 23 1 3 2}) 10.0.0.150: ISSUE: authtime 1209745166, etypes {rep=16 tkt=16
> ses=16}, admin@GBCO.US for krbtgt/GBCO.US@GBCO.US
> May 02 11:19:26 homepc.gbco.us krb5kdc[2192](info): AS_REQ (7 etypes {18 17
> 16 23 1 3 2}) 10.0.0.150: ISSUE: authtime 1209745166, etypes {rep=16 tkt=16
> ses=16}, admin@GBCO.US for krbtgt/GBCO.US@GBCO.US
> May 02 11:19:38 homepc.gbco.us krb5kdc[2192](info): TGS_REQ (1 etypes {1})
> 10.0.0.150: UNKNOWN_SERVER: authtime 1209745166, admin@GBCO.US for
> afs/gbco.us@GBCO.US, Server not found in Kerberos database
> May 02 11:19:38 homepc.gbco.us krb5kdc[2192](info): TGS_REQ (1 etypes {1})
> 10.0.0.150: UNKNOWN_SERVER: authtime 1209745166, admin@GBCO.US for
> afs/gbco.us@GBCO.US, Server not found in Kerberos database
> May 02 11:19:38 homepc.gbco.us krb5kdc[2192](info): TGS_REQ (1 etypes {1})
> 10.0.0.150: UNKNOWN_SERVER: authtime 1209745166, admin@GBCO.US for
> afs/gbco.us@GBCO.US, Server not found in Kerberos database
> May 02 11:19:38 homepc.gbco.us krb5kdc[2192](info): TGS_REQ (1 etypes {1})
> 10.0.0.150: UNKNOWN_SERVER: authtime 1209745166, admin@GBCO.US for
> afs/gbco.us@GBCO.US, Server not found in Kerberos database
> May 02 11:19:38 homepc.gbco.us krb5kdc[2192](info): TGS_REQ (1 etypes {1})
> 10.0.0.150: ISSUE: authtime 1209745166, etypes {rep=16 tkt=16 ses=1},
> admin@GBCO.US for afs@GBCO.US
> May 02 11:19:38 homepc.gbco.us krb5kdc[2192](info): TGS_REQ (1 etypes {1})
> 10.0.0.150: ISSUE: authtime 1209745166, etypes {rep=16 tkt=16 ses=1},
> admin@GBCO.US for afs@GBCO.US
This is normal. You created the afs principal as "afs", not
"afs/<cell-name>". It [whatever you are using to get tokens] is
trying with the cellname first, and then falling back to just
"afs@REALM" and succeeds.