[OpenAFS] Moving Kerberos

Derek Atkins warlord@MIT.EDU
25 Feb 2003 12:34:48 -0500 

"James D. Nurmi" <jnurmi-openafs-info@qwe.cc> writes:

> the krb5.conf is correctly stating that the kdc & adminserver are the
> newly CNamed kerberos1 machine... Kinit works, aklog works.  klist
> lists out the new ticket, tokens claims to have tokens... However if I
> try to enter a section on /afs that requires anything above
> system:anyuser (from any client machine) gets:
> 
> afs: Tokens for user of AFS id 2 for cell econ.vt.edu are discarded
> (rxkad error=19270408)

Are you sure you configured your krb524d to produce old-style afs
tokens?  See the Kerberos documentation.

> Interestingly, klog fails, and AFS for windows says Authentication
> Server cannot be found...

Yea -- klog specifically looks at the AFS DB servers.

> Still toying with it though...  I'll let you know if i get any
> breakthroughs....

-derek

> Derek Atkins wrote:
> 
> >Set your krb.conf/krb5.conf to point to the new KDC.
> >
> >Or do you mean you're actually using "klog"???
> >
> >-derek
> >
> >"James D. Nurmi" <jnurmi-openafs-info@qwe.cc> writes:
> >
> >
> >>I've been attempting of late to rotate some of the functionality of
> >>our servers to accomodate a new machine... In the process, I would
> >>like to move kerberos off of one of our AFS machines onto its own box.
> >>I got the KDC moved as well as possible, and all services work
> >>normally, except for AFS...  Is there a way to tell AFS where to look
> >>for the kerberos server?  or does it /have/ to be on the ptServer?
> >>
> >>James Nurmi
> >>
> >>
> >>_______________________________________________
> >>OpenAFS-info mailing list
> >>OpenAFS-info@openafs.org
> >>https://lists.openafs.org/mailman/listinfo/openafs-info
> >>
> >
> >
> 
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available