[OpenAFS] Kerberos 5, AFS, and no krb524d
Douglas E. Engert
deengert@anl.gov
Mon, 09 Jun 2003 16:40:34 -0500
Derek Atkins wrote:
>
> Nicholas Henke <henken@seas.upenn.edu> writes:
>
> > Hrm -- is it possible that the afs token is getting munged at some point
> > ? I have not looked at the source, but what would prevent me from doing
> > bos listkeys but not bos listusers?
>
> listkeys requires you to be in the SUsers list; listusers does not.
I tried it on my cell, and it looks like you also have to have a token to
see the listkeys. So itmight be the token is bad. Wrong key?
Clock sync to within 5 minutes?
Using the production krb524d and not the one he thought it was?
>
> > > FTR I suggested that file because one of the sipb.mit.edu AFS Servers
> > > had that in its configuration. It may not be necessary (or needed)
> > > anymore...
> >
> > Speaking of which -- do I need to do the appdefaults stuff in krb5.conf
> > ?
>
> I dont know.
>
> > > I have never actually set up an AFS cell using an afs/cell@REALM (for
> > > cell != REALM) principal name using OpenAFS.. I maintain such cells,
> > > but I haven't set one up from scratch.
> > >
> > > May I suggest you rm -rf /usr/afs and start over again? ;)
> >
> > Heh -- I have, and guess I might have to again :)
>
> :)
>
> -derek
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444