[OpenAFS] Kerberos 5, AFS, and no krb524d

Douglas E. Engert deengert@anl.gov
Mon, 09 Jun 2003 16:40:34 -0500


Derek Atkins wrote:
> 
> Nicholas Henke <henken@seas.upenn.edu> writes:
> 
> > Hrm -- is it possible that the afs token is getting munged at some point
> > ? I have not looked at the source, but what would prevent me from doing
> > bos listkeys but not bos listusers?
> 
> listkeys requires you to be in the SUsers list; listusers does not.

I tried it on my cell, and it looks like you also have to have a token to
see the listkeys. So itmight be the token is bad. Wrong key? 

Clock sync to within 5 minutes?

Using the production krb524d and not the one he thought it was?


> 
> > > FTR I suggested that file because one of the sipb.mit.edu AFS Servers
> > > had that in its configuration.  It may not be necessary (or needed)
> > > anymore...
> >
> > Speaking of which -- do I need to do the appdefaults stuff in krb5.conf
> > ?
> 
> I dont know.
> 
> > > I have never actually set up an AFS cell using an afs/cell@REALM (for
> > > cell != REALM) principal name using OpenAFS..  I maintain such cells,
> > > but I haven't set one up from scratch.
> > >
> > > May I suggest you rm -rf /usr/afs and start over again?  ;)
> >
> > Heh -- I have, and guess I might have to again :)
> 
> :)
> 
> -derek
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444