[OpenAFS] OpenAFS + krb5

Nathan Ward nward@esphion.com
Wed, 27 Nov 2002 15:01:43 +1300


HAHA!! It's alive!@#

Thanks Clancy.

/me greps some docs.

damn, it's in the README.Debian file

On Tue, 26 Nov 2002 19:39:17 -0600 (CST)
"Charles Clancy" <security@xauth.net> wrote:

> If you're using Kerberos V5 1.2.6 or newer, you need an extra setting in
> your krb5.conf for krb524d:
> 
> [appdefaults]
> afs_krb5 = {
>     ALB-NZ.ESPHION.COM = {
>         afs = false
>         afs/alb-nz.esphion.com = false
>     }
> }
> 
> Otherwise krb524d spits out tickets you won't be able to use.  See
> src/krb524d/README in your krb5 source tree for more info.
> 
> [ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
> 
> 
> On Wed, 27 Nov 2002, Nathan Ward wrote:
> 
> > Hi,
> >
> > I have been tearing my hair out the last few days trying to get this working, to no avail.
> >
> > I have krb5kdc and krb524d running on a machine.
> > I have an AFS principal in the KDC.
> > I have all the correct info in DNS.
> >
> > I keep getting those evil rxkad error 19270408's and I have tried the following:
> > - Having an afs/alb-nz.esphion.com@ALB-NZ.ESPHION.COM principal
> > - Having an afs@ALB-NZ.ESPHION.COM principal
> > - Specifying -e des-cbc-crc:v4
> > - Specifying -e des-cbc-crc:normal
> > - Specifying -e des-cbc-crc:afs3
> > - A patch to krb524d.c to make it return the correct kvno.
> > - Having matching kvno's in my KeyFile and my KDC ( I check with getprinc <principal> and bos listkeys
> >   serv-1 localauth )
> >
> > I have openafs configured to after running afs-newcell. afs-rootvol fails on fs setacl /afs system:anyuser rl.
> > ls /afs fails also.
> > The rxkad error appears in my system logs for both.
> >
> > Is there a way to see what kvno krb524d is spitting out?  What does the -k krb524d option do?
> >
> > Google seems to be telling me many different things (above), none of them worked.
> >
> > Are there any useful debug commands I can use other than:
> > - bos listkeys
> > - aklog -d
> > - kadmin: getprinc <princ>
> > - ktutil: list
> > - klist -cfean
> >
> > Thanks for any help you can give.
> >
> > --
> >
> > Nathan Ward
> > System Administrator
> > Esphion Ltd.
> >
> > PH:    +64 9 4142060      | EMail: nward@esphion.com
> > MOB:   +64 9 21 431675    | Web:   www.esphion.com
> >
> 
> 


-- 

Nathan Ward
System Administrator
Esphion Ltd.

PH:    +64 9 4142060      | EMail: nward@esphion.com
MOB:   +64 9 21 431675    | Web:   www.esphion.com

--

This message is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily constitute those of my employer.
Harvesting of this address for purposes of bulk email (spam and UCE) is expressly prohibited unless by my explicit prior request.  I retaliate viciously against spammers and spam sites.
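
The krb5.conf setting quoted in this thread can be checked mechanically before restarting krb524d. The following is an added example, not part of the original messages or of the krb5 or OpenAFS code: it parses a simplified subset of krb5.conf and reports which AFS principal names lack the `false` override for a realm. The function names and the sample file are assumptions constructed for illustration.

```python
import re

# Constructed sample: the stanza quoted in the thread plus one unrelated section.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = ALB-NZ.ESPHION.COM

[appdefaults]
afs_krb5 = {
    ALB-NZ.ESPHION.COM = {
        afs = false
        afs/alb-nz.esphion.com = false
    }
}
"""

def parse_krb5_conf(text):
    """Parse a krb5.conf subset ([section], 'name = {', '}', 'key = value')
    into nested dicts. Simplified: this is not the real profile parser."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            stack = [root.setdefault(section.group(1), {})]
        elif line == "}":
            if len(stack) > 1:
                stack.pop()
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":
                stack[-1][key] = {}
                stack.append(stack[-1][key])
            else:
                stack[-1][key] = value
    return root

def missing_afs_krb5_overrides(text, realm, cell):
    """List the AFS principal names not set to 'false' under
    [appdefaults] afs_krb5 for this realm (hypothetical helper)."""
    node = parse_krb5_conf(text)
    for name in ("appdefaults", "afs_krb5", realm):
        node = node.get(name, {}) if isinstance(node, dict) else {}
    if not isinstance(node, dict):
        node = {}
    # Only the literal value shown in the thread is accepted here.
    return [p for p in ("afs", "afs/" + cell)
            if str(node.get(p, "")).lower() != "false"]
```

An empty list means both principal names from the thread carry the override for that realm.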