[OpenAFS-devel] I think I'm closer, but....

10 Jan 2002 13:44:17 -0500

ktadd will change the key.  But that's ok, you don't want to
"kinit afs@REALM", you want to "kinit <your user name>"

-derek

Adam Thornton <adam@fsf.net> writes:

> Now I've created my afs@REALM principal, with a v4 des-cbc-crc key.
> 
> Over on the AFS bosserver machine I've run kadmin, authenticated as
> admin/admin and done a ktadd afs.
> 
> Then I exit kadmin and run asetkey on the new /etc/krb5.keytab to,
> presumably, extract the key.
> 
> Then I should be able to do a kinit -4 afs@REALM, authenticate, and then
> run aklog to get a token, right?
> 
> But when I do kinit, I get kinit(v4): Password incorrect.  I know it's
> the same password I gave when I created the key (since it's just "afs"
> until I get this right).
> 
> Over on the KDC I get a log message: PROCESS_V4: Initial ticket request
> Host: 109.90.2.4 User: "afs" ""
> 
> Plain old kinit (v5) gives me a "Password incorrect while getting
> initial credentials" on the bosserver, and 
> AS_REQ 10.90.2.4(88): ISSUE authtime 1010686286, afs@REALM for
> krbtgt/REALM@REALM
> 
> (REALM changed to obscure customer's identity).
> 
> I feel like I'm missing something really obvious.  It is very much as if
> my keys are not really getting translated appropriately.
> 
> I'm going to need to do that successful kinit before I can set up any of
> the rest of AFS, so that I have someplace to authenticate against,
> right?
> 
> I'm very confused.
> 
> Adam
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available