[OpenAFS] OpenAFS 1.3.71 (CVS), aklog, asetkey, enctype

Mikkel Kruse Johnsen mikkel@linet.dk
Wed, 25 Aug 2004 21:35:08 +0200

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi All

Just installed openafs from CVS (should be close to 1.3.71) on Fedora
Core 2 (kernel-2.6.8-1.521). It works juhuuu. The "afsd" starts and /afs
is mounted.

Its running server and client on the same server and authenticating to
MIT Kerberos V on a other computer.

Added in kadmin:
	"addprinc -randkey afs/orholm.dk"

Extracted the key with:=20
	"ktadd -e des-cbc-crc:v4 afs/orholm.dk"

Added to AFS with (asetkey is a copy from openafs-krb5-1.2.11 package):
	"asetkey add 3 /etc/krb5.keytab afs/orholm.dk"

When trying to access "/afs" "ls: /afs/: Permission denied". I have
added a user "admin"

[root@mikkel root]# kinit admin
Password for admin@ORHOLM.DK:
[root@mikkel root]# bos listusers mikkel
bos: no such entry (getting tickets)
bos: running unauthenticated
SUsers are: admin
[root@mikkel root]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@ORHOLM.DK
Valid starting     Expires            Service principal
08/25/04 21:26:30  08/26/04 21:26:25  krbtgt/ORHOLM.DK@ORHOLM.DK
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

I have tried to read the mails "1.3.70 and aklog" from this list, but Im
still confused. Im running only Linux here, no Windows, no Active

The ChangeLog says that "aklog" is build in. But I don't get the
"afs/orholm.dk@ORHOLM.DK" token automatically when trying to access

Do I still need "aklog" ?
What enctype should I use (des-cbc-crc:v4) ?
Do I still need "asetkey" ?

Could someone explain the "aklog", "asetkey" and "enctype" in relation
to OpenAFS 1.3.71 or higher on Linux using MIT Kerberos 1.3.3.


Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.4 (GNU/Linux)