[OpenAFS] kerberos problems
Douglas E. Engert
deengert@anl.gov
Mon, 02 Jun 2003 10:59:30 -0500
You need to add the host principal: host/bishop.dhs.org@BISHOP.DHS.ORG
This should be well covered by the Kerberos instructions.
I would suggest that you use the kerberos@mit.edu mail list, not AFS.
David Bishop wrote:
>
> On Monday 02 June 2003 08:49 am, Douglas E. Engert wrote:
> > It's trying to do cross realm, from BISHOP.DHS.ORG to DHS.ORG
> > It is assuming the sshd server bishop.dhs.org is in realm DHS.ORG
> >
> > Add a [domain_realm] section to the krb5.conf with
> >
> > .dhs.org = BISHOP.DHS.ORG
>
> That fixed that problem (and many thanks for your quick response!). However,
> now it complains with the following:
>
> Jun 02 08:52:51 bishop krb5kdc[8989](info): TGS_REQ (3 etypes {16 1 3})
> 192.168.0.2(16416): UNKNOWN_SERVER: authtime 1054564142,
> david@BISHOP.DHS.ORG for host/bishop.dhs.org@BISHOP.DHS.ORG, Server not found
> in Kerberos database
>
> [ david@bishop ] $ sudo /usr/sbin/kadmin.local
> Authenticating as principal david/admin@BISHOP.DHS.ORG with password.
> kadmin.local: getprincs
> DHS.ORG@BISHOP.DHS.ORG <-added in attempt to fix previous problem
NO!
> K/M@BISHOP.DHS.ORG
> afs@BISHOP.DHS.ORG
> david/admin@BISHOP.DHS.ORG
> david@BISHOP.DHS.ORG
> kadmin/admin@BISHOP.DHS.ORG
> kadmin/changepw@BISHOP.DHS.ORG
> kadmin/history@BISHOP.DHS.ORG
> krbtgt/BISHOP.DHS.ORG@BISHOP.DHS.ORG
> kadmin.local:
>
> Is there any other command I should run to give more info?
>
> --
> "Sorry about the whole 'bomb' thing" - Bruce Rollins
> D.A.Bishop
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
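
Added example, not part of the original thread: a Python sketch of the two checks discussed above, namely which realm a client derives for the sshd host with and without the `[domain_realm]` entry, and which service principals the KDC log reports as missing from the database. The function names, the simplified lookup order and the no-mapping fallback (parent domain, upper-cased) are assumptions for illustration; the log entry and principal list are the ones quoted in the thread.

```python
import re

def realm_for_host(host, domain_realm):
    """Simplified model of [domain_realm] lookup: exact host name first,
    then dotted parent-domain suffixes, longest first."""
    host = host.lower()
    if host in domain_realm:
        return domain_realm[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in domain_realm:
            return domain_realm[suffix]
    # Assumed fallback when nothing maps: parent domain, upper-cased.
    return ".".join(labels[1:]).upper() if len(labels) > 1 else None

# Captures the client principal, then the service principal the KDC could not find.
UNKNOWN_SERVER = re.compile(r"UNKNOWN_SERVER:.*? (\S+@\S+) for (\S+@[^\s,]+)")

def missing_services(log_lines, principals):
    """Service principals reported as UNKNOWN_SERVER in the KDC log and
    absent from the principal list."""
    missing = set()
    for line in log_lines:
        m = UNKNOWN_SERVER.search(line)
        if m and m.group(2) not in principals:
            missing.add(m.group(2))
    return sorted(missing)

# KDC log entry from the thread, joined onto one line.
KDC_LOG = [
    "Jun 02 08:52:51 bishop krb5kdc[8989](info): TGS_REQ (3 etypes {16 1 3}) "
    "192.168.0.2(16416): UNKNOWN_SERVER: authtime 1054564142, "
    "david@BISHOP.DHS.ORG for host/bishop.dhs.org@BISHOP.DHS.ORG, "
    "Server not found in Kerberos database",
]
# getprincs output from the thread.
PRINCIPALS = {
    "DHS.ORG@BISHOP.DHS.ORG", "K/M@BISHOP.DHS.ORG", "afs@BISHOP.DHS.ORG",
    "david/admin@BISHOP.DHS.ORG", "david@BISHOP.DHS.ORG",
    "kadmin/admin@BISHOP.DHS.ORG", "kadmin/changepw@BISHOP.DHS.ORG",
    "kadmin/history@BISHOP.DHS.ORG", "krbtgt/BISHOP.DHS.ORG@BISHOP.DHS.ORG",
}

if __name__ == "__main__":
    print(realm_for_host("bishop.dhs.org", {}))
    print(realm_for_host("bishop.dhs.org", {".dhs.org": "BISHOP.DHS.ORG"}))
    print(missing_services(KDC_LOG, PRINCIPALS))
```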