[OpenAFS-devel] aklog on OS X does not contact KDC to obtain AFS service principal

Marcus Crestani crestani@informatik.uni-tuebingen.de
Thu, 31 Jul 2014 11:01:35 +0200


When using aklog (OpenAFS-1.6.6) on OS X 10.9.4 without an AFS service
principal in the ticket cache, e.g.

  # klist
  Credentials cache: API:F46BD8F1-7C3C-43F9-835B-9D9692183AC2
          Principal: mc@INFORMATIK.UNI-TUEBINGEN.DE

    Issued                Expires               Principal
  Jul 31 10:47:31 2014  Aug  1 11:47:31 2014  krbtgt/INFORMATIK.UNI-TUEBINGEN.DE@INFORMATIK.UNI-TUEBINGEN.DE

aklog fails:

  # aklog -d
  Authenticating to cell informatik.uni-tuebingen.de (server afsdb1.informatik.uni-tuebingen.de).
  Trying to authenticate to user's realm INFORMATIK.UNI-TUEBINGEN.DE.
  Getting tickets: afs/informatik.uni-tuebingen.de@INFORMATIK.UNI-TUEBINGEN.DE
  We've deduced that we need to authenticate to realm INFORMATIK.UNI-TUEBINGEN.DE.
  Getting tickets: afs/informatik.uni-tuebingen.de@INFORMATIK.UNI-TUEBINGEN.DE
  Getting tickets: afs/informatik.uni-tuebingen.de@INFORMATIK.UNI-TUEBINGEN.DE
  Getting tickets: afs@INFORMATIK.UNI-TUEBINGEN.DE
  Kerberos error code returned by get_cred : -1765328324
  aklog: Couldn't get informatik.uni-tuebingen.de AFS tickets:
  aklog: unknown RPC error (-1765328324) while getting AFS tickets
  
According to aklog's debugging output above, aklog tries to obtain AFS
service tickets from the KDC.  But we do not see any connection attempt
in our KDC's log file from aklog on OS X.  (We do see that aklog
successfully asks for and receives tickets from the KDC on our Linux
machines, for example.)

When we already have an AFS service principal in the ticket cache, aklog
works fine.

Why does aklog on OS X not try to obtain tickets from the KDC?  Is this
a known issue?  Or is this a problem in our setup?

Thanks for your help!

-- 
Marcus
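
The following is an added example, not part of the original post and not OpenAFS code: it extracts the service principals aklog tried and decodes the raw com_err value that aklog printed as "unknown RPC error" into its Kerberos error number. It assumes the MIT krb5 table layout (base -1765328384, offsets 0-127 equal to RFC 4120 error numbers); the function names are hypothetical and the error table is a subset.

```python
import re

# Base of the "krb5" com_err table (ERROR_TABLE_BASE_krb5 in MIT krb5).
KRB5_TABLE_BASE = -1765328384

# Subset of RFC 4120 section 7.5.9 error numbers. Assumption: offsets 0-127 of
# the krb5 table mirror these protocol numbers; higher offsets are library-local.
RFC4120_ERRORS = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    14: "KDC_ERR_ETYPE_NOSUPP",
    32: "KRB_AP_ERR_TKT_EXPIRED",
    37: "KRB_AP_ERR_SKEW",
    60: "KRB_ERR_GENERIC",
}

# Lines copied from the aklog -d output in the post.
AKLOG_DEBUG = """\
Getting tickets: afs/informatik.uni-tuebingen.de@INFORMATIK.UNI-TUEBINGEN.DE
Getting tickets: afs/informatik.uni-tuebingen.de@INFORMATIK.UNI-TUEBINGEN.DE
Getting tickets: afs@INFORMATIK.UNI-TUEBINGEN.DE
Kerberos error code returned by get_cred : -1765328324
aklog: unknown RPC error (-1765328324) while getting AFS tickets
"""

def decode_krb5_code(code):
    """Split a com_err value into (offset, symbolic name), or None if not krb5."""
    offset = code - KRB5_TABLE_BASE
    if not 0 <= offset < 256:  # a com_err table spans 256 codes
        return None
    if offset >= 128:
        return offset, "library-local code (see the client's krb5 error table)"
    return offset, RFC4120_ERRORS.get(offset, "protocol error not in this subset")

def summarize_aklog(text):
    """Return principals tried (ordered, deduplicated) and the decoded error codes."""
    tried = list(dict.fromkeys(re.findall(r"Getting tickets: (\S+)", text)))
    codes = sorted({int(c) for c in re.findall(r"-\d{9,10}\b", text)})
    return tried, {c: decode_krb5_code(c) for c in codes}

if __name__ == "__main__":
    tried, errors = summarize_aklog(AKLOG_DEBUG)
    print("principals tried:", tried)
    for code, decoded in errors.items():
        print(code, "->", decoded)
```

For the output above, the code decodes to offset 60, KRB_ERR_GENERIC.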