[OpenAFS] Moving Kerberos

James D. Nurmi jnurmi-openafs-info@qwe.cc
Tue, 25 Feb 2003 12:05:42 -0500


the krb5.conf is correctly stating that the kdc & adminserver are the 
newly CNamed kerberos1 machine... Kinit works, aklog works.  klist lists 
out the new ticket, tokens claims to have tokens... However if I try to 
enter a section on /afs that requires anything above system:anyuser 
(from any client machine) gets:

afs: Tokens for user of AFS id 2 for cell econ.vt.edu are discarded 
(rxkad error=19270408)

Interestingly, klog fails, and AFS for windows says Authentication 
Server cannot be found...

Still toying with it though...  I'll let you know if i get any 
breakthroughs....

Derek Atkins wrote:

>Set your krb.conf/krb5.conf to point to the new KDC.
>
>Or do you mean you're actually using "klog"???
>
>-derek
>
>"James D. Nurmi" <jnurmi-openafs-info@qwe.cc> writes:
>
>  
>
>>I've been attempting of late to rotate some of the functionality of
>>our servers to accomodate a new machine... In the process, I would
>>like to move kerberos off of one of our AFS machines onto its own box.
>>I got the KDC moved as well as possible, and all services work
>>normally, except for AFS...  Is there a way to tell AFS where to look
>>for the kerberos server?  or does it /have/ to be on the ptServer?
>>
>>James Nurmi
>>
>>
>>_______________________________________________
>>OpenAFS-info mailing list
>>OpenAFS-info@openafs.org
>>https://lists.openafs.org/mailman/listinfo/openafs-info
>>    
>>
>
>  
>