[OpenAFS] Setup OpenAFS, Heimdahl ans Keyfiles

19 Sep 2002 15:44:05 +0200

On Thu, 2002-09-19 at 15:34, Derek Atkins wrote:
> Did you remove the 3des key from the KDC database?

no, but removing it doesn't help either:

kadmin> del_enctype afs des3-cbc-sha1

kadmin> ext_keytab -k /tmp/afs.keytab afs

kdc:/etc # ktutil -k /tmp/afs.keytab list
/tmp/afs.keytab:

Vno  Type         Principal
  2  des-cbc-crc  afs@NETLABS.DEV
  2  des-cbc-md4  afs@NETLABS.DEV
  2  des-cbc-md5  afs@NETLABS.DEV

ok, it is really gone ....

kdc:/etc # kdestroy
kdc:/etc # klist
klist: No ticket file: /tmp/krb5cc_0

   V4-ticket file: /tmp/tkt0
klist: No ticket file (tf_util)
kdc:/etc # kinit admin
admin@NETLABS.DEV's Password:
kdc:/etc # /download/i386_linux2/aklog -d
Authenticating to cell netlabs.dev (server kdc).
We've deduced that we need to authenticate to realm NETLABS.DEV.
Getting tickets: afs/@NETLABS.DEV
About to resolve name admin to id in cell netlabs.dev.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 /  @ NETLABS.DEV
aklog: unable to obtain tokens for cell netlabs.dev (status: 11862791).
kdc:/etc # klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: admin@NETLABS.DEV

  Issued           Expires          Principal
Sep 19 17:41:02  Sep 20 03:41:02  krbtgt/NETLABS.DEV@NETLABS.DEV
Sep 19 17:41:18  Sep 20 03:41:02  afs@NETLABS.DEV

   V4-ticket file: /tmp/tkt0
        Principal: admin@NETLABS.DEV

  Issued           Expires          Principal
Sep 19 17:41:02  Sep 20 03:41:02  krbtgt.NETLABS.DEV@NETLABS.DEV

Holger Brueckner