[OpenAFS] OpenAFS + krb5

Nathan Ward nward@esphion.com
Wed, 27 Nov 2002 11:26:50 +1300 

I also notice some UDP packets to and from port 32769, some get thru, but many get ICMP Destination Unreachables back.

On Wed, 27 Nov 2002 10:20:10 +1300
"Nathan Ward" <nward@esphion.com> wrote:

> Hi,
> 
> I have been tearing my hair out the last few days trying to get this working, to no avail.
> 
> I have krb5kdc and krb524d running on a machine.
> I have an AFS principal in the KDC.
> I have all the correct info in DNS.
> 
> I keep getting those evil rxkad error 19270408's and I have tried the following:
> - Having an afs/alb-nz.esphion.com@ALB-NZ.ESPHION.COM principal
> - Having an afs@ALB-NZ.ESPHION.COM principal
> - Specifying -e des-cbc-crc:v4
> - Specifying -e des-cbc-crc:normal
> - Specifying -e des-cbc-crc:afs3
> - A patch to krb524d.c to make it return the correct kvno.
> - Having matching kvno's in my KeyFile and my KDC ( I check with getprinc <principal> and bos listkeys
>   serv-1 localauth ) 
> 
> I have openafs configured to after running afs-newcell. afs-rootvol fails on fs setacl /afs system:anyuser rl.
> ls /afs fails also. 
> The rxkad error appears in my system logs for both.
> 
> Is there a way to see what kvno krb524d is spitting out?  What does the -k krb524d option do?
> 
> Google seems to be telling me many different things (above), none of them worked.
> 
> Are there any useful debug commands I can use other than:
> - bos listkeys
> - aklog -d
> - kadmin: getprinc <princ>
> - ktutil: list
> - klist -cfean
> 
> Thanks for any help you can give.
> 
> -- 
> 
> Nathan Ward
> System Administrator
> Esphion Ltd.
> 
> PH:    +64 9 4142060      | EMail: nward@esphion.com
> MOB:   +64 9 21 431675    | Web:   www.esphion.com
> 
> --
> 
> This message is provided "AS IS" with no warranties, and confers no rights.
> Any opinions or policies stated within are my own and do not necessarily constitute those of my employer.
> Harvesting of this address for purposes of bulk email (spam and UCE) is expressly prohibited unless by my explicit prior request.  I retaliate viciously against spammers and spam sites.
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 


-- 

Nathan Ward
System Administrator
Esphion Ltd.

PH:    +64 9 4142060      | EMail: nward@esphion.com
MOB:   +64 9 21 431675    | Web:   www.esphion.com

--

This message is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily constitute those of my employer.
Harvesting of this address for purposes of bulk email (spam and UCE) is expressly prohibited unless by my explicit prior request.  I retaliate viciously against spammers and spam sites.