[OpenAFS] KRB5 integration problems

Michael Nelson mikenel@iapetus.com
Sun, 22 Sep 2002 16:48:37 -0400 (EDT)


I'm having issues trying to make Kerberos 5 integration work (MIT Kerb
1.2.2) with OpenAFS 1.2.6. I've spent several hours today trying every
imaginable combination of commands, including starting an AFS cell from
scratch, in an effort to make something work.

I am currently stuck with a "security object was passed a bad ticket"
error when using tools like pts, and plain old permission denied when
ls'ing /afs. I've tried setting the AFS key using both asetkey and bos
addkey to no avail.

I am using the following Kerberos commands to get the security stuff
going:

kadmin.local -e des-cbc-crc:afs3 -q "delprinc -force afs"
kadmin.local -e des-cbc-crc:afs3 -q "delprinc -force admin"
kadmin.local -e des-cbc-crc:afs3 -q "addprinc -e des-cbc-crc:afs3 afs"
kadmin.local -e des-cbc-crc:afs3 -q "modprinc -kvno 0 afs"
kadmin.local -e des-cbc-crc:afs3 -q "ktadd -k /etc/krb5.keytab -e des-cbc-crc:afs3 afs"
asetkey add 1 /etc/krb5.keytab afs
kadmin.local -e des-cbc-crc:afs3 -q "ktremove -k /etc/krb5.keytab afs all"
kadmin.local -e des-cbc-crc:afs3 -q "addprinc admin"

I am running AFS, krb524, and krb5kdc on a RedHat 7.2 box. I am using a
self-compiled version of OpenAFS 1.2.6 along with the asetkey/aklog RPM
from the openafs.org website. I also tried compiling the source 
version of the latter, but it didn't make any difference.

Thanks,
-mike