[OpenAFS] kerberos problems

David Bishop tech@bishop.dhs.org
Mon, 2 Jun 2003 10:02:18 -0600



Crap, I knew that, sorry...  I've blown away and started fresh so many times
I'm starting to forget to do stuff.  Many apologies for the waste of
bandwidth, and I'll redirect my krb questions to mit.edu.

Thanks again for the quick responses!

David

On Monday 02 June 2003 09:59 am, Douglas E. Engert wrote:
> You need to add the host principal. host/bishop.dhs.org@BISHOP.DHS.ORG
> This should be well covered by the Kerberos instructions.
> I would suggest that you use the kerberos@mit.edu mail list, not AFS.
>
> David Bishop wrote:
> > On Monday 02 June 2003 08:49 am, Douglas E. Engert wrote:
> > > It's trying to do cross realm, from BISHOP.DHS.ORG to DHS.ORG
> > > It is assuming the sshd server bishop.dhs.org is in realm DHS.ORG
> > >
> > > Add a [domain_realm] section to the krb5.conf with
> > >
> > >   .dhs.org = BISHOP.DHS.ORG
> >
> > That fixed that problem (and many thanks for your quick response!).
> > However, now it complains with the following:
> >
> > Jun 02 08:52:51 bishop krb5kdc[8989](info): TGS_REQ (3 etypes {16 1 3})
> > 192.168.0.2(16416): UNKNOWN_SERVER: authtime 1054564142,
> > david@BISHOP.DHS.ORG for host/bishop.dhs.org@BISHOP.DHS.ORG, Server not
> > found in Kerberos database
> >
> > [ david@bishop ] $ sudo /usr/sbin/kadmin.local
> > Authenticating as principal david/admin@BISHOP.DHS.ORG with password.
> > kadmin.local:  getprincs
> > DHS.ORG@BISHOP.DHS.ORG  <-added in attempt to fix previous problem
>
> NO!
>
> > K/M@BISHOP.DHS.ORG
> > afs@BISHOP.DHS.ORG
> > david/admin@BISHOP.DHS.ORG
> > david@BISHOP.DHS.ORG
> > kadmin/admin@BISHOP.DHS.ORG
> > kadmin/changepw@BISHOP.DHS.ORG
> > kadmin/history@BISHOP.DHS.ORG
> > krbtgt/BISHOP.DHS.ORG@BISHOP.DHS.ORG
> > kadmin.local:
> >
> > Is there any other command I should run to give more info?
> >
> > --
> > "Sorry about the whole 'bomb' thing" - Bruce Rollins
> > D.A.Bishop

--
"Sorry about the whole 'bomb' thing" - Bruce Rollins
D.A.Bishop
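
The two failures discussed in this thread, as an added example that is not part of the original messages: the realm a client derives for `bishop.dhs.org` with and without the `[domain_realm]` entry, and a check of the KDC's `UNKNOWN_SERVER` log entry against the `getprincs` list. The function names and the host-to-realm lookup order are assumptions, a simplified model of the behaviour described above.

```python
import re

# Mapping from the thread's krb5.conf fix ([domain_realm] section).
DOMAIN_REALM = {".dhs.org": "BISHOP.DHS.ORG"}

# Principals copied from the getprincs output quoted in the thread.
KDC_PRINCIPALS = {
    "DHS.ORG@BISHOP.DHS.ORG", "K/M@BISHOP.DHS.ORG", "afs@BISHOP.DHS.ORG",
    "david/admin@BISHOP.DHS.ORG", "david@BISHOP.DHS.ORG",
    "kadmin/admin@BISHOP.DHS.ORG", "kadmin/changepw@BISHOP.DHS.ORG",
    "kadmin/history@BISHOP.DHS.ORG", "krbtgt/BISHOP.DHS.ORG@BISHOP.DHS.ORG",
}
# The KDC log entry from the thread, rejoined onto one line.
LOG_LINE = ("Jun 02 08:52:51 bishop krb5kdc[8989](info): TGS_REQ (3 etypes {16 1 3}) "
            "192.168.0.2(16416): UNKNOWN_SERVER: authtime 1054564142, "
            "david@BISHOP.DHS.ORG for host/bishop.dhs.org@BISHOP.DHS.ORG, "
            "Server not found in Kerberos database")

UNKNOWN_RE = re.compile(r"UNKNOWN_SERVER: authtime \d+,\s+(\S+) for ([^,\s]+),")

def realm_for_host(host, domain_realm):
    """Simplified model (assumption) of host-to-realm mapping: try the host
    name, then each parent domain with and without a leading dot; with no
    match, fall back to the upper-cased parent domain."""
    labels = host.lower().split(".")
    candidates = [".".join(labels)]
    for i in range(1, len(labels)):
        rest = ".".join(labels[i:])
        candidates += ["." + rest, rest]
    for name in candidates:
        if name in domain_realm:
            return domain_realm[name]
    return ".".join(labels[1:]).upper() or None

def expected_host_principal(host, domain_realm):
    """Service principal a client will request for sshd on this host."""
    return f"host/{host.lower()}@{realm_for_host(host, domain_realm)}"

def missing_server(log_line, principals):
    """Return the principal the KDC logged as UNKNOWN_SERVER if it is not in the list."""
    m = UNKNOWN_RE.search(log_line)
    if m and m.group(2) not in principals:
        return m.group(2)
    return None

if __name__ == "__main__":
    print("no mapping  :", expected_host_principal("bishop.dhs.org", {}))
    print("with mapping:", expected_host_principal("bishop.dhs.org", DOMAIN_REALM))
    print("missing     :", missing_server(LOG_LINE, KDC_PRINCIPALS))
```

Without the mapping the derived realm is DHS.ORG, which is the cross-realm attempt from the first reply; with it, the requested principal is the one the KDC reports as missing.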
