[OpenAFS] unable to authenticate to openafs via aklog

[Stefan Nobis]

Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:

>>BTW: krb524init also said "Improper format of translation database
>>entry converting to V4 credentials".

> What exactly is the name of the AFS service principal you're trying to
> acquire?  It looks like from the code that there might be a problem

My Kerberos Realm is CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE and
my afs cell is cluster.retina.e-technik.uni-dortmund.de.

My first try was a service principal
afs@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE

But one time i tried a principal with the cell as instance (this
always appeared in the log files) but instead of

afs/cluster.retina.e-technik.uni-dortmund.de@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE

aklog tries (first) to get the principal

afs/cluster.retina.e-technik.uni-dortmund.d@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE

(so it seems the principal/instance is one character too long).

> with the name (badly formatted or too long).  As a last resort, build
> krb524d with full debugging and run it under gdb.

Here is the complete (unchanged) list of Kerberos principals:

kadmin.local:  listprincs
K/M@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE
afs@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE
kadmin/admin@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE
kadmin/changepw@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE
kadmin/history@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE
krbtgt/CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE
root/admin@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE
stefan/admin@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE
stefan@CLUSTER.RETINA.E-TECHNIK.UNI-DORTMUND.DE

(BTW: The long realm name is nesseccary because there is already
another realm retina.e-technik.uni-dortmund.de running (not by me
but AFAIK there are no problems with openafs and krb5kdc))

-- 
Until the next mail...,
Stefan.