[OpenAFS] Using OpenAFS with existing Kerberos servers
Nathan Neulinger
nneul@umr.edu
01 Sep 2003 11:12:29 -0500
Does your key + kvno for the key in krb5 match the key+kvno for the key
in KeyFile? or are you using my patch (based on Doug's) to have krb524
do split-keys?
-- Nathan
On Mon, 2003-09-01 at 11:06, David Howells wrote:
> > Nor am I, actually. Assuming you're using a modern enough Kerberos and the
> > right options (which I believe are default for MIT and need to be
> > specified for Heimdal) krb524 returns not a krb4 ticket but a stripped
> > krb5 ticket for AFS; In either case, it gets crammed into the kernel and
> > the right thing should just happen.
>
> OIC.
>
> > What is the output of "tokens" after you run aklog? For that matter, what
> > does aklog -d (any other args you gave)
> > say?
>
> dhowells>aklog -d cambridge.redhat.com -k CAMBRIDGE.REDHAT.COM
> Authenticating to cell cambridge.redhat.com (server openafs.cambridge.redhat.com).
> We were told to authenticate to realm CAMBRIDGE.REDHAT.COM.
> Getting tickets: afs/cambridge.redhat.com@CAMBRIDGE.REDHAT.COM
> About to resolve name dhowells to id in cell cambridge.redhat.com.
> Id 4043
> Set username to AFS ID 4043
> Setting tokens. AFS ID 4043 / @ CAMBRIDGE.REDHAT.COM
>
>
> dhowells>tokens
>
> Tokens held by the Cache Manager:
>
> User's (AFS ID 4043) tokens for afs@cambridge.redhat.com [Expires Sep 2 01:23]
> --End of list--
>
>
> David
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
UMR Information Technology Fax: (573) 341-4216