[OpenAFS] Kerberos 5, AFS, and no krb524d
Nicholas Henke
henken@seas.upenn.edu
09 Jun 2003 17:25:55 -0400
On Mon, 2003-06-09 at 17:20, Derek Atkins wrote:
> "Douglas E. Engert" <deengert@anl.gov> writes:
>
> > > henken@roughneck henken $ aklog -d
> > > Authenticating to cell roughneck.liniac.upenn.edu (server
> > > roughneck.liniac.upenn.edu).
> > > We've deduced that we need to authenticate to realm UPENN.EDU.
> > > Getting tickets: afs/roughneck.liniac.upenn.edu@UPENN.EDU
> > > About to resolve name henken to id in cell roughneck.liniac.upenn.edu.
> > > Id 2
> > > Set username to AFS ID 2
> > > Setting tokens. AFS ID 2 / @ UPENN.EDU
> > > henken@roughneck henken $
>
> I'm not sure what the the AFS ID 2 / @ UPENN.EDU is all about.
> Your "tokens" output certainly looked normal.
Hrm -- is it possible that the afs token is getting munged at some point
? I have not looked at the source, but what would prevent me from doing
bos listkeys but not bos listusers?
>
> FTR I suggested that file because one of the sipb.mit.edu AFS Servers
> had that in its configuration. It may not be necessary (or needed)
> anymore...
Speaking of which -- do I need to do the appdefaults stuff in krb5.conf
?
>
> I have never actually set up an AFS cell using an afs/cell@REALM (for
> cell != REALM) principal name using OpenAFS.. I maintain such cells,
> but I haven't set one up from scratch.
>
> May I suggest you rm -rf /usr/afs and start over again? ;)
Heh -- I have, and guess I might have to again :)
Nic
--
Nicholas Henke
Penguin Herder & Linux Cluster System Programmer
Liniac Project - Univ. of Pennsylvania