[OpenAFS] Re: rxk error: caller not authorized
J Maynard Gelinas
gelinas@lns.mit.edu
Sun, 25 Apr 2004 08:35:21 -0400 (EDT)
On Sun, 25 Apr 2004, J Maynard Gelinas wrote:
>
> On Sat, 24 Apr 2004, J Maynard Gelinas wrote:
>
> >
> > I see two possible solutions to this given that I can't seem to tell
> > krb524d to output the principal name in the form afs@REALM instead of
> > AFS/principal@REALM:
> >
> > 1) create a new principal of the form: afs/lns.mit.edu@LNS.MIT.EDU.
> > Extract it to a file using the correct encryption form for AFS. Use
> > asetkey to insert the new key on all of my AFS servers.
>
> rename afs afs/lns.mit.edu
>
> ?
>
Do you mean rename the "afs" principal in the Kerberos database to
"afs/lns.mit.edu"? How does one do that? The current krb V5 FAQ states
that this is not implemented, and my copy of kadmin.local doesn't offer
the "renprinc" subcommand. We're running krb5-1.2.4 on the servers and
krb5-1.2.7 on the clients. The FAQ recommends simply deleting and
recreating a new principal instead, but that's essentially what I was
thinking in 1) before. Would an upgrade to krb5-1.3.x offer the means to
do what you recommend?

http://www.faqs.org/faqs/kerberos-faq/general/section-54.html

Cheers,
--Maynard