[OpenAFS] aklog: unable to obtain tokens for cell folkvang.org (status: 11862791).

Derrick J Brashear shadow@dementia.org
Tue, 10 Feb 2004 01:32:06 -0500 (EST)


Start afsd.
11862791 (ktc).7 = Cache Manager is not initialized / afsd is not running


On Tue, 10 Feb 2004, Kevin wrote:

> Thanks for the reply, Derrick.
>
> On Tuesday 10 February 2004 00:42, Derrick J Brashear wrote:
> > On Tue, 10 Feb 2004, Kevin wrote:
> > > So it seemed to be looking for a krb524 library, and in my newly
> > > built (and functional) 1.3.1 Kerberos system, I don't have such a
> > > library. Guessing that the code that used to be in this library is
> > > now in some other library (probably already linked against in the
> > > build attempt), I just renamed the krb524 library in the Makefile to
> > > krb5 and tried again.
> >
> > It's possible they rolled those functions into libkrb5; i don't know.
>
> That seems to be what happened.
>
> >
> > > [appdefaults]
> > > 	# from http://grand.central.org/twiki\
> > > 	#  /bin/view/AFSLore/?topic=KerberosAFSInstall
> > >         afs_krb5 = {
> > >                 DUMMY.ORG = {
> > >                         afs = false
> > >                         afs/dummy.org = false
> > >                 }
> > >         }
> >
> > Why false? Also, why both? afs *or* afs/dummy.org, which matches the
>
> Well, because that's what I found in a "howto" document that was the most
> recent I could find.  It's at
> http://grand.central.org/twiki/bin/view/AFSLore/?topic=KerberosAFSInstall
> and it seems to have been written by JasonGarman (05 Feb 2002) and you (26
> Nov 2002), revision 1.14 from 30 Dec 2003 (unless I'm not understanding
> that footer correctly)
>
> In reading it again, I see that "Only one of the two entries should be
> needed for a realm," but it does say false, not true.
>
> > key you installed in KeyFile? The other shouldn't be in your database,
>
> I installed afs/dummy.org@DUMMY.ORG in the KDC database and put that into
> the krb5.keytab, and from there, I presume that asetkey put it into the
> KeyFile.
>
> > and shouldn't be specified here.
>
> I didn't see afs_krb5 documented in the man page for krb5.conf, so I don't
> really understand too well what that statement is trying to do.
> Something about converting v5 tickets to v4?  Do I need to start with a
> v4 ticket (I tried first with just v5, then v4 and v5, all to no avail).
>
> >
> > Try true, and try it with only the correct key.
>
> Thanks again for the suggestion.  I did try it, then restarted all the
> kerberos and afs processes, but still to no avail.  I still get:
>
> # aklog -d
> zeus:/usr/afs/bin # /home/adam/kafs/afs-krb5/src/aklog -d
> Authenticating to cell dummy.org (server zeus).
> We've deduced that we need to authenticate to realm DUMMY.ORG.
> Getting tickets: afs/dummy.org@DUMMY.ORG
> About to resolve name adam.admin to id in cell dummy.org.
> Id 1
> Set username to AFS ID 1
> Setting tokens. AFS ID 1 /  @ DUMMY.ORG
> aklog: unable to obtain tokens for cell dummy.org (status: 11862791).
>
> and
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: adam/admin@DUMMY.ORG
>
> Valid starting     Expires            Service principal
> 02/10/04 01:08:02  02/10/04 11:08:02  krbtgt/DUMMY.ORG@DUMMY.ORG
>         renew until 02/11/04 01:08:02
> 02/10/04 01:08:30  02/10/04 11:08:02  afs/dummy.org@DUMMY.ORG
>         renew until 02/11/04 01:08:02
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> I still have the bosserver running with -noauth.  Is it time to change
> that now that I have an admin user?  Or can I do so if I can't get a
> token?
>
> Thanks again.
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>