[OpenAFS] krb5 migration Problems

Klaas Hagemann kerberos@northsailor.de
Thu, 17 Oct 2002 18:12:03 +0200 

> What do you get from:
>
>         klist -k -e -f afskeytab
This option (-e -f does not work, sorry..
)dmzs2:/tmp # klist -e -k -t afskeytab
Keytab name: FILE:afskeytab
KVNO Timestamp         Principal
---- ----------------- -----------------------------------------------------
---
   3 10/17/02 18:01:24 afs/mydomain.de@MYDOMAIN.DE (DES cbc mode with
CRC-32)

>         klist -e
dmzs2:/tmp # klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@MYDOMAIN.DE
Valid starting     Expires            Service principal
10/17/02 18:03:09  10/18/02 04:03:07  krbtgt/MYDOMAIN.DE@MYDOMAIN.DE
        Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, DES cbc mode
with CRC-32
10/17/02 18:03:11  10/18/02 04:03:07  afs/mydomain.de@MYDOMAIN.DE
        Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with
CRC-32
>
> Also, what version of krb5 are you running?
I use MIT-Kerberos, Version 1.2.6

> -derek
>
> "Klaas Hagemann" <kerberos@northsailor.de> writes:
>
> > Hi,
> >
> > i still have the same problems using kerberos V authentication for
Openafs.
> > I installed a totally knew openafs-installation.
> > I set up the bosserver with the server processes, everything works fine.
> > I created the kerberos-ticket with
> > kadmin-local -e des-cbc-crc:v4 and
> > ktadd -e des-cbc-crc:v4
> > as described in the previos mails.
> >
> > asetkey works without problems, kvno is set right.
> > root and admin are added to the UserList (bos adduser, pts createuser,
pts
> > adduser system:administrator), worked fine.
> > But then i restart the bosserver without the noauth-flag
> > I kinit as admin and do aklog successfully. I got afs-tokens with user
ID 1.
> > when i want to do "pts listentries" i get the following again:
> >
> > pts: ticket contained unknown key version number ; unable to list
entries
> >
> > I am not allowed to change the rights for root.afs (/afs) and do not get
> > access, although the volume is created.
> >
> > Thanks
> > Klaas
> >
> >
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available