[OpenAFS] OpenAFS authentication against MIT Kerberos V, part 2
Fabian Aichele
faichele@primusnetz.de
Fri, 8 Mar 2002 00:48:35 +0100
Hello!
Thanks for your swift response! Your hint with keeping the afs key into a
separate keytab file obviously did the trick. I can now successfully
authenticate as AFS admin against my Kerberos server.
Again, thank you for your assistance. At last, I got it to work!
Regards,
Fabian Aichele
>>On Thu, Mar 07, 2002 at 10:15:53PM +0100, Fabian Aichele wrote:
>>
>> 1. Create Kerberos principal afs@MY.AFS.CELL.NAME with kadmin, put a v4
key
>> (Did I get that right?) into my Kerberos keytab and check for its kvno to
>> match up with asetkey:
>> >addprinc afs
>> ...
>> >ktadd -e des-cbc-crc:v4 afs
>> ...
>> >getprinc afs
>> ...
>> Key: vno 2 DES cbc mode with CRC-32, no salt
>> >q
>> 2. use asetkey to put the afs key into /usr/afs/etc/KeyFile
>> >asetkey add 2 /etc/krb5.keytab afs
>> >asetkey list
>> kvno 5: key is: ...
>> All done.
>>
>Your kvno in kadmin is 2, yet the one in asetkey is 5?
>
>To make things easier and to ensure that there is no weirdness, export the
>afs key into a temporary keytab since it does not need to be in the
>/etc/krb5.keytab.
>Lets see the complete output from asetkey and does "tokens" show a afs
>token after aklog?
>--
>Jason Garman / jgarman@wedgie.org
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info