[OpenAFS] krb5-Problems

Klaas Hagemann kerberos@northsailor.de
Thu, 17 Oct 2002 16:28:51 +0200


....
i tried another version of asetkey from the tu-chemnitz, and this one told
it to me in plaintext....
thanks a lot!!

Klaas

----- Original Message -----
From: "Derek Atkins" <warlord@MIT.EDU>
To: "Klaas Hagemann" <kerberos@northsailor.de>
Cc: <openafs-info@openafs.org>
Sent: Thursday, October 17, 2002 4:16 PM
Subject: Re: [OpenAFS] krb5-Problems


> Well:
>
> --> grep 1765328160 /usr/athena/include/krb5.h
> #define KRB5_CONFIG_NODEFREALM                   (-1765328160L)
>
> So, are you sure your krb5.conf is setup properly?
>
> -derek
>
> "Klaas Hagemann" <kerberos@northsailor.de> writes:
>
> > Hi Derek,
> >
> > thanks for your answer, it did not help, maybe we had some other network
> > problem (they started to switch arount the dns-domains in our
> > testing-envirmoment.
> > Now i want to set up the AFS-Cell again and get the following error
while
> > using asetkey:
> >
> > # asetkey add 6 afskeytab afs/mydomain.de
> > asetkey: unknown RPC error (-1765328160) while parsing AFS principal.
> >
> > I have no ideas what this could be about (the bosserver still runs with
the
> > "noauth" - flag.
> >
> > Thanks Klaas
> >
> >
> > ----- Original Message -----
> > From: "Derek Atkins" <warlord@MIT.EDU>
> > To: "Klaas Hagemann" <kerberos@northsailor.de>
> > Cc: <openafs-info@openafs.org>
> > Sent: Thursday, October 17, 2002 3:03 PM
> > Subject: Re: [OpenAFS] krb5-Problems
> >
> >
> > > Try:
> > >
> > > ktadd -e des-cbc-crc:v4 -k afskeytab afs/mydomain.de
> > >
> > > -derek
> > >
> > > "Klaas Hagemann" <kerberos@northsailor.de> writes:
> > >
> > > > Hi,
> > > >
> > > > i have strange problems with the krb5-integration.
> > > > Here is what i did:
> > > > on my kdc (mit 1.2.6) :
> > > > kadmin.local -e des-cbc-crc:v4
> > > > ank -randkey afs/mydomain.de
> > > > ktadd -k afskeytab afs/mydomain.de
> > > >
> > > > then on my system control machine:
> > > > asetkey add <kvno> afskeytab afs/mydomain.de
> > > > I watched carefully for the key version number, this one is correct.
> > > >
> > > > I can do an kinit and aklog
> > > > aklog -d does not show any errors, i get an afs-token successfully.
> > > >
> > > > But when i do "vos listvldb" for examle, I get
> > > > "Could not access the VLDB for attributes
> > > > rxk: ticket contained unknown key version number"
> > > > although my user is in the user-list.
> > > >
> > > > When i want to access the afs-filespace i get:
> > > > "ct 17 09:08:41 installed kernel: afs: Tokens for user of AFS id 2
for
> > cell
> > > > mydomain.de are discarded (rxkad error=19270408)"
> > > >
> > > > When i want to list the keys using "bos listkeys localhost" i get:
> > > > "bos: ticket contained unknown key version number error encountered
> > while
> > > > listing keys"
> > > >
> > > > On the other hand, it works fine with the -localauth-function:
> > > > # bos listkeys localhost -localauth
> > > > # key 3 has cksum 260487344
> > > > # Keys last changed on Thu Oct 17 10:56:43 2002.
> > > >
> > > > There has been such a problem before on this list, but i could not
> > figure
> > > > out the solution.
> > > > Any help is welcome.
> > > >
> > > > Klaas
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > OpenAFS-info mailing list
> > > > OpenAFS-info@openafs.org
> > > > https://lists.openafs.org/mailman/listinfo/openafs-info
> > >
> > > --
> > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > >        Member, MIT Student Information Processing Board  (SIPB)
> > >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> > >        warlord@MIT.EDU                        PGP key available
> >
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info