[OpenAFS] Changing Kerberos Server?

klaas hagemann klaas@northsailor.de
Fri, 2 Aug 2002 09:30:54 +0200


Hi Derek,

krb5.conf is up to date.
I dumped the database on the old server, loaded it on the new server and
created the stash file and host key for the Kerberos server.
After your mail I created the afs/ principal anew and imported the new key.
But it does not help.
When I do aklog -d I get the following:

> Authenticating to cell testsystem.test (server afs01.center.testsystem.test).
> We've deduced that we need to authenticate to realm TESTSYSTEM.TEST.
> Getting tickets: afs/testsystem.test@TESTSYSTEM.TEST
> Kerberos error code returned by get_cred: -1765328228
> aklog: Couldn't get testsystem.test AFS tickets:
> aklog: Cannot contact any KDC for requested realm while getting AFS tickets

So it gets the afs-service ticket from Kerberos but cannot log in to afs
with it.
I have the local Kerberos KDC as a secondary kdc in the /etc/krb5.conf.
When I start the local KDC daemon, it works fine. The Kerberos database is
the same, host keys are exported on both kdcs.
The new, extra Kerberos server is version 1.2.4, the local one 1.2.5.

Any ideas?

Thanks, Klaas
----- Original Message -----
From: "Derek Atkins" <warlord@MIT.EDU>
To: "Klaas Hagemann" <kerberos@northsailor.de>
Cc: <openafs-info@openafs.org>
Sent: Friday, August 02, 2002 12:07 AM
Subject: Re: [OpenAFS] Changing Kerberos Server?


> Is your krb5.conf up to date with the new KDC location?
> Did you just rename the KDC or did you create a new
> database?  Are you sure the AFS key is the same?
> What do you get from 'aklog -d'?
>
> -derek
>
> "Klaas Hagemann" <kerberos@northsailor.de> writes:
>
> > Hi,
> >
> > I have installed OpenAFS with Kerberos integration on my Kerberos server.
> > Now my Kerberos server has moved.
> >
> > Kerberos itself works fine, I get a ticket and also get the afs/REALM
> > ticket. But aklog then fails.
> > It says:
> > couldn't get afs tickets:
> > cannot contact any kdc for requested realm while getting AFS-Tickets
> >
> > When I then do klist, I have the service ticket for afs, so Kerberos works
> > and /etc/krb5.conf is correct.
> > When I start Kerberos services on the afs-server again, it works fine.
> >
> > Any ideas?
> >
> > Klaas
> >
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available