[OpenAFS] OpenAFS+KerberosV permission problem
Richard Wallace
rwallace@a--i--m.com
Wed, 28 May 2003 21:27:57 -0700
Derrick J Brashear wrote:
>On Wed, 28 May 2003, Richard Wallace wrote:
>
>>But if I run it with -noauth or before getting a ticket (which reverts
>>to a noauth) it displays the users info as:
>>Name: rwallace, id: 1000, owner: system:administrators, creator: anonymous,
>> membership: 1, flags: S----, group quota: unlimited.
>>
>>Clearly the user is there with an id of 1000, so why is pts reporting it
>>can't find it?
>
>because when you send ptserver authentication it doesn't like, it laughs
>at you, instead of dropping it and trying your operation, presumably.
>
>can you put your krb5.conf (from the kdc, which i assume is the same host
>anyway) somewhere we can see it?
>
Here it is...

[libdefaults]
    ticket_lifetime = 600
    default_realm = HABITAT.THEWALLACEPACK.NET
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
    HABITAT.THEWALLACEPACK.NET = {
        kdc = kerberos.habitat.thewallacepack.net:88
        kdc = kerberos2.habitat.thewallacepack.net:88
        admin_server = kerberos.habitat.thewallacepack.net:749
    }

[domain_realm]
    .habitat.thewallacepack.net = HABITAT.THEWALLACEPACK.NET
    habitat.thewallacepack.net = HABITAT.THEWALLACEPACK.NET

[kdc]
    profile = /etc/krb5kdc/kdc.conf

[logging]
    kdc = FILE:/var/log/mit-krb5/krb5kdc.log
    admin_server = FILE:/var/log/mit-krb5/kadmin.log
    default = FILE:/var/log/mit-krb5/krb5lib.log

Not much to it. Is there something I should be adding for openafs?
And yes, the kdc and openafs are running on the same machine (it's just
my home network that I'm using for testing 'cause ldap+krb5+afs seems
like such a cool combo =)