[OpenAFS] Re: Odd token/fileserver permission denied problem

Gedaliah Wolosh gwolosh@njit.edu
Fri, 31 Jul 2009 08:45:18 -0400 (EDT)

On Thu, the 9th of Av, 5769 (07/30/2009) Andrew Deason wrote:

> On Thu, 30 Jul 2009 13:51:06 -0400 (EDT)
> Gedaliah Wolosh <gwolosh@njit.edu> wrote:
>> On Thu, the 9th of Av, 5769 (07/30/2009) Jeffrey Altman wrote:
>>> Gedaliah Wolosh wrote:
>>>> Currently our cell is authenticating to both the KA server and
>>>> Krb5. The AFS Keyfile contains principals for both afs and
>>>> afs/cellname.  The KeyFile is distributed via upclient.  This has
>>>> been working for several months without issue.
>>>> A new file server was put in place. If aklog is used to get a
>>>> token, the token does not give the user permission in any volume
>>>> served by this new file server. A token obtained by klog is fine.
>>> The kaserver token will be issued from a realm with the same name
>>> as the cell.  What is the name of the Kerberos v5 realm and if it
>>> is not the same, does it exist in the afs krb.conf file?
>> The Kerberos v5 realm is different from the name of the cell, however
>> the realm name IS in the afs krb.conf file.
> Just to be sure; what is the full path to the krb.conf you're talking
> about?


> When you aklog, does 'tokens' still show that you have tokens after you
> try something where you are denied permission?


> Have you tried restarting the fileserver processes after you've verified
> that /usr/afs/etc is the same as the others?


Gedaliah Wolosh
University Computing Systems - IST
New Jersey Institute of Technology

> -- 
> Andrew Deason
> adeason@sinenomine.net
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info