[OpenAFS] Re: rxk error: caller not authorized

J Maynard Gelinas gelinas@lns.mit.edu
Sun, 25 Apr 2004 08:35:21 -0400 (EDT)


On Sun, 25 Apr 2004, J Maynard Gelinas wrote:

> 
> On Sat, 24 Apr 2004, J Maynard Gelinas wrote:
> 
> >
> >   I see two possible solutions to this given that I can't seem to tell
> > krb524d to output the principal name in the form afs@REALM instead of
> > AFS/principal@REALM:
> >
> >   1)  create a new principal of the form: afs/lns.mit.edu@LNS.MIT.EDU.
> > Extract it to a file using the correct encryption form for AFS. Use
> > asetkey to insert the new key on all of my AFS servers.
> 
> rename afs afs/lns.mit.edu
> 
> ?
> 

   Do you mean rename the "afs" principal in the Kerberos database to
"afs/lns.mit.edu"? How does one do that? The current krb V5 FAQ states
that this is not implemented, and my copy of kadmin.local doesn't offer
the "renprinc" subcommand. We're running krb5-1.2.4 on the servers and
krb5-1.2.7 on the clients. The FAQ recommends simply deleting and
recreating a new principal instead, but that's essentially what I was
thinking in 1) before. Would an upgrade to krb5-1.3.x offer the means to
do what you recommend?

http://www.faqs.org/faqs/kerberos-faq/general/section-54.html

Cheers,
--Maynard