[OpenAFS] OpenAFS + krb5

Nathan Ward nward@esphion.com
Wed, 27 Nov 2002 10:20:10 +1300 

Hi,

I have been tearing my hair out the last few days trying to get this working, to no avail.

I have krb5kdc and krb524d running on a machine.
I have an AFS principal in the KDC.
I have all the correct info in DNS.

I keep getting those evil rxkad error 19270408's and I have tried the following:
- Having an afs/alb-nz.esphion.com@ALB-NZ.ESPHION.COM principal
- Having an afs@ALB-NZ.ESPHION.COM principal
- Specifying -e des-cbc-crc:v4
- Specifying -e des-cbc-crc:normal
- Specifying -e des-cbc-crc:afs3
- A patch to krb524d.c to make it return the correct kvno.
- Having matching kvno's in my KeyFile and my KDC ( I check with getprinc <principal> and bos listkeys
  serv-1 localauth ) 

I have openafs configured to after running afs-newcell. afs-rootvol fails on fs setacl /afs system:anyuser rl.
ls /afs fails also. 
The rxkad error appears in my system logs for both.

Is there a way to see what kvno krb524d is spitting out?  What does the -k krb524d option do?

Google seems to be telling me many different things (above), none of them worked.

Are there any useful debug commands I can use other than:
- bos listkeys
- aklog -d
- kadmin: getprinc <princ>
- ktutil: list
- klist -cfean

Thanks for any help you can give.

-- 

Nathan Ward
System Administrator
Esphion Ltd.

PH:    +64 9 4142060      | EMail: nward@esphion.com
MOB:   +64 9 21 431675    | Web:   www.esphion.com

--

This message is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily constitute those of my employer.
Harvesting of this address for purposes of bulk email (spam and UCE) is expressly prohibited unless by my explicit prior request.  I retaliate viciously against spammers and spam sites.