[OpenAFS] kerberos problems
David Bishop
tech@bishop.dhs.org
Mon, 2 Jun 2003 08:52:27 -0600
--Boundary-02=_rS22+iRol6xFMIe
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline
On Monday 02 June 2003 08:49 am, Douglas E. Engert wrote:
> Its trying to do cross realm, from BISHOP.DHS.ORG to DHS.ORG
> It is assuming the sshd server bishop.dhs.org is in realm DHS.ORG
>
> Add a [domain_realm] section to the krb5.conf with
>
> .dhs.org =3D BISHOP.DHS.ORG
That fixed that problem (and many thanks for your quick response!). Howeve=
r,=20
now it complains with the following:
Jun 02 08:52:51 bishop krb5kdc[8989](info): TGS_REQ (3 etypes {16 1 3})=20
192.168.0.2(16416): UNKNOWN_SERVER: authtime 1054564142, =20
david@BISHOP.DHS.ORG for host/bishop.dhs.org@BISHOP.DHS.ORG, Server not fou=
nd=20
in Kerberos database
[ david@bishop ] $ sudo /usr/sbin/kadmin.local
Authenticating as principal david/admin@BISHOP.DHS.ORG with password.
kadmin.local: getprincs
DHS.ORG@BISHOP.DHS.ORG <-added in attempt to fix previous problem
K/M@BISHOP.DHS.ORG
afs@BISHOP.DHS.ORG
david/admin@BISHOP.DHS.ORG
david@BISHOP.DHS.ORG
kadmin/admin@BISHOP.DHS.ORG
kadmin/changepw@BISHOP.DHS.ORG
kadmin/history@BISHOP.DHS.ORG
krbtgt/BISHOP.DHS.ORG@BISHOP.DHS.ORG
kadmin.local:
Is there any other command I should run to give more info?
=2D-=20
"Sorry about the whole 'bomb' thing" - Bruce Rollins
D.A.Bishop
--Boundary-02=_rS22+iRol6xFMIe
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQA+22SrEHLN/FXAbC0RAszDAKCTDRywAptSCs0CQ7Rz2ZiF2uuakACgk/14
1X7MzVKSHwfJ68QCgo+oa/Q=
=9WXH
-----END PGP SIGNATURE-----
--Boundary-02=_rS22+iRol6xFMIe--