[OpenAFS] Using OpenAFS with existing Kerberos servers

David Howells dhowells@redhat.com
Mon, 01 Sep 2003 17:06:29 +0100

> Nor am I, actually. Assuming you're using a modern enough Kerberos and the
> right options (which I believe are default for MIT and need to be
> specified for Heimdal) krb524 returns not a krb4 ticket but a stripped
> krb5 ticket for AFS; In either case, it gets crammed into the kernel and
> the right thing should just happen.


> What is the output of "tokens" after you run aklog? For that matter, what
> does aklog -d  (any other args you gave)
> say?

  dhowells>aklog -d cambridge.redhat.com -k CAMBRIDGE.REDHAT.COM
  Authenticating to cell cambridge.redhat.com (server openafs.cambridge.redhat.com).
  We were told to authenticate to realm CAMBRIDGE.REDHAT.COM.
  Getting tickets: afs/cambridge.redhat.com@CAMBRIDGE.REDHAT.COM
  About to resolve name dhowells to id in cell cambridge.redhat.com.
  Id 4043
  Set username to AFS ID 4043
  Setting tokens. AFS ID 4043 /  @ CAMBRIDGE.REDHAT.COM 


  Tokens held by the Cache Manager:

  User's (AFS ID 4043) tokens for afs@cambridge.redhat.com [Expires Sep  2 01:23]
     --End of list--