[OpenAFS] Re: SuSe 9.0 &Heimdal.6

ted creedon tcreedon@easystreet.com
Mon, 29 Dec 2003 15:34:52 -0800


Using kadmin -l
Ank -r afs/tedcell@TED-DORIS.FAM
Del_enctype afs/tedcell@TED-DORIS.FAM des3-cbc-sha1
List -l afs/tedcell@TED-DORIS.FAM gives kvno of 2
Ext_keytab afs/tedcell@TED-DORIS.FAM
Ext_keytab -k AFSFILE:/etc/openafs/server/KeyFile =
afs/tedcell@TED-DORIS.FAM
Quit

When I run=20
Kinit --use-keytab --keytab=3DAFS:/etc/openafs/server/KeyFile
afs/tedcell@TED-DORIS.FAM

There is an error:
Kinit:krb5_get_init_creds: failed to find afs/tedcell@TED-DORIS.FAM in
keytab /etc/openafs/server/KeyFile

ted


-----Original Message-----
From: openafs-info-admin@openafs.org =
[mailto:openafs-info-admin@openafs.org]
On Behalf Of Jeffrey Hutzelman
Sent: Monday, December 29, 2003 10:55 AM
To: openafs-info@openafs.org
Subject: RE: [OpenAFS] Re: SuSe 9.0 &Heimdal.6



On Wednesday, December 24, 2003 00:57:10 -0500 Derrick J Brashear=20
<shadow@dementia.org> wrote:

> On Tue, 23 Dec 2003, ted creedon wrote:
>
>> How does one verify the consistency of the AFS tokens/tickets vs =
KRB5?
>> Can one delete keys from the keyfiles and start anew?
>>
>
> The pts info is still entirely out of scope for what you're asking.
> You can delete the keyfiles and start over. The key and the kvno must
> match in the KeyFile and the KDC database. You should have no des3 =
key.
>
> It should be possible to write a tool to take a KeyFile and get a krb5
> ticket with the key. Maybe someday I'll get some free time.

(assuming Heimdal...)

kinit --use-keytab --keytab=3DAFS:/usr/afs/etc/KeyFile =
afs/cell.name@REALM

Due to limitations in the 'AFS' keytab backend, this works only if your =
AFS=20
cell is keyed as afs/cell.name@REALM rather than afs@REALM, as is common =
in=20
cells that have been around for a while.  Also, it is necessary for=20
/usr/afs/etc/ThisCell to exist, even if you did not compile OpenAFS with =

--enable-transarc-paths.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info