[OpenAFS] Problem with klog

Steven Jenkins steven.jenkins@gmail.com
Fri, 29 May 2009 10:50:40 -0400

On Fri, May 29, 2009 at 10:18 AM, David Robson <David.Robson@jet.uk> wrote:

>> My suggestion is to not worry about klog at all and instead use kadmin
>> to create principals, kinit to get Kerberos tickets, and aklog to
>> convert those tickets to AFS tokens.
> This works fine on the AFS server, but how do I get it to work on an AFS
> client?

Can you confirm that you're successfully getting Kerberos tickets on
the client?  e.g., can you kinit to a principal you know exists and
show the output with 'klist'?

Once you have a ticket, you should be able to run 'aklog' and convert
tickets to tokens. If that doesn't work, it would be helpful to see
the output of klist, as well as the output of the -d option to aklog.

> I thought that all that was required was for the sysadmin (on the client)
> define my cell and server in /usr/vice/etc/CellServDB.local on the client
> and restart openafs-client.  Users would be able to authenticate with
> kinit/aklog
> Obviously I was wrong.  What needs doing on the client?

You're correct -- my suspicion is that your Kerberos configuration
(/etc/krb5.conf) on your client does not match what you have on your
server, but that's just a guess.

Steven Jenkins
End Point Corporation
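
One way to check the krb5.conf mismatch suspected in the message above, as an added example that is not part of the original post. The function names are hypothetical and the sample files are constructed; it compares only `default_realm` and each realm's `kdc` entries.

```shell
# Added example: compare the realm settings that kinit/aklog rely on in two krb5.conf files.
# Print "default_realm REALM" and "kdc REALM HOST" lines from a krb5.conf, sorted.
krb5_summary() {
    section=''; realm=''
    sed -e 's/=/ = /' -e 's/{/ { /' -e 's/}/ } /' "$1" |
    while read -r key eq val rest; do
        case $key in
            ''|'#'*|';'*) continue ;;                     # blank line or comment
            '['*']') section=$key; realm=''; continue ;;  # e.g. [libdefaults], [realms]
            '}') realm=''; continue ;;                    # end of a realm block
        esac
        if [ "$section" = '[libdefaults]' ] && [ "$key" = default_realm ]; then
            echo "default_realm $val"
        elif [ "$section" = '[realms]' ] && [ "$val" = '{' ]; then
            realm=$key                                    # start of "REALM = {"
        elif [ "$section" = '[realms]' ] && [ "$key" = kdc ] && [ -n "$realm" ]; then
            echo "kdc $realm $val"
        fi
    done | sort
}

# Return 0 when both files agree on default realm and KDCs; else print both and return 1.
krb5_conf_diff() {
    client=$(krb5_summary "$1"); server=$(krb5_summary "$2")
    if [ "$client" = "$server" ]; then return 0; fi
    printf 'client:\n%s\nserver:\n%s\n' "$client" "$server"
    return 1
}

# Constructed samples (not from the thread). Realm names are case-sensitive, so the
# client copy with a lower-cased realm counts as a mismatch.
write_samples() {
    cat > "$1/server.conf" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.ORG
[realms]
    EXAMPLE.ORG = {
        kdc = kdc1.example.org
    }
EOF
    sed 's/EXAMPLE\.ORG/example.org/' "$1/server.conf" > "$1/client.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
krb5_conf_diff "$tmp/client.conf" "$tmp/server.conf" || echo "krb5.conf mismatch"
rm -rf "$tmp"
```

On a real client, pass `/etc/krb5.conf` and a copy of the server's file as the two arguments to `krb5_conf_diff`.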