[OpenAFS] krb5.conf, kinit -4, and kaserver
David Botsch
dwb7@ccmr.cornell.edu
Thu, 20 Feb 2003 17:27:42 -0500
Hi.
I'm trying to use the krb5 packages with redhat to get a kerberos 4
ticket from the kaserver. So, I would edit krb5.conf and then do kinit
-4 principal. I get a password incorrect. I suspect a stringtokey
issue. Any thoughts?
Here's the krb5.conf file.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MSC.CORNELL.EDU
default_keytab_name = /etc/srvtab
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
MSC.CORNELL.EDU = {
kdc = kerberos1.ccmr.cornell.edu
kdc = kerberos2.ccmr.cornell.edu
kdc = kerberos3.ccmr.cornell.edu
admin_server = kerberos1.ccmr.cornell.edu
default_domain = MSC.CORNELL.EDU
support_keytypes = des:normal des-cbc-crc:v4 des-cbc-crc:afs des:afs
}
[domain_realm]
.msc.cornell.edu = MSC.CORNELL.EDU
msc.cornell.edu = MSC.CORNELL.EDU
.ccmr.cornell.edu = MSC.CORNELL.EDU
ccmr.cornell.edu = MSC.CORNELL.EDU
MSC.CORNELL.EDU = MSC.CORNELL.EDU
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = true
}
~
--
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************