[OpenAFS] OpenAFS authentication against MIT Kerberos V, part 2

Thu, 7 Mar 2002 16:52:54 -0500

On Thu, Mar 07, 2002 at 10:15:53PM +0100, Fabian Aichele wrote:
> 
> 1. Create Kerberos principal afs@MY.AFS.CELL.NAME with kadmin, put a v4 key
> (Did I get that right?) into my Kerberos keytab and check for its kvno to
> match up with asetkey:
> 	>addprinc afs
> 	...
> 	>ktadd -e des-cbc-crc:v4 afs
> 	...
> 	>getprinc afs
> 	...
> 	Key: vno 2 DES cbc mode with CRC-32, no salt
> 	>q
> 2. use asetkey to put the afs key into /usr/afs/etc/KeyFile
> 	>asetkey add 2 /etc/krb5.keytab afs
> 	>asetkey list
> 	kvno 5: key is: ...
> 	All done.
> 
Your kvno in kadmin is 2, yet the one in asetkey is 5?

To make things easier and to ensure that there is no weirdness, export the
afs key into a temporary keytab since it does not need to be in the
/etc/krb5.keytab.

Lets see the complete output from asetkey and does "tokens" show a afs
token after aklog?

-- 
Jason Garman / jgarman@wedgie.org