[OpenAFS] unable to authenticate to openafs via aklog

Stefan Nobis stefan-ml@snobis.de
Mon, 07 Jul 2003 16:32:59 +0200


Hi.

I use Debian/sid with openafs 1.2.9, MIT Kerberos5 (libkrb53,
krb5-kdc 1.2.9-1.3.beta4) and openafs-krb5 1.3.

I installed openafs and Kerberos with the
configuration-transcript.txt description from Sam Hartman, who
developed the Debian package.

Kerberos seems to work well. I can get tickets via kinit, list
users via kadmin.local, etc. These are my principals:

kadmin.local:  listprincs
K/M@REALM
afs/<cell>@REALM
kadmin/admin@REALM
kadmin/changepw@REALM
kadmin/history@REALM
krbtgt/REALM@REALM
root/admin@REALM
stefan/admin@REALM
stefan@REALM

I generated a des-cbc-crc key for afs (is :v4 or :normal etc.
important?) and imported it via asetkey.

I generated a new afs cell via Debian's afs-newcell script (that
worked fine as far as I could tell).

The superuser/administrative principal is stefan.

But if I now get a ticket for stefan via 'kinit stefan' and then
try to auth to afs via

  aklog -d -c <cell> -k REALM

I get this error message:
-------------------------------------------------------------
Authenticating to cell <cell> (server localhost).
We were told to authenticate to realm REALM.
Getting tickets: afs/<cell>@REALM
Kerberos error code returned by get_cred: -1765328207
aklog: Couldn't get <cell> AFS tickets:
aklog: Improper format of translation database entry while getting AFS tickets
-------------------------------------------------------------

klist says:
-------------------------------------------------------------
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: stefan@REALM

Valid starting     Expires            Service principal
07/07/03 16:29:28  07/08/03 02:29:24  krbtgt/REALM@REALM
07/07/03 16:29:45  07/08/03 02:29:24  afs/<cell>@REALM


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
-------------------------------------------------------------

tokens says:
-------------------------------------------------------------
Tokens held by the Cache Manager:

   --End of list--
-------------------------------------------------------------


I don't know where to look for errors, so any hints would be very welcome.

-- 
Until the next mail...,
Stefan.