[OpenAFS] Kerberos troubles...

J. D. Nurmi jnurmi-openafs-info@qwe.cc
Fri, 19 Mar 2004 12:40:28 -0500


Ok, out of boredom, I decided to set up AFS at home, and I'm running into
a bit of an issue with Kerberos, and I can't seem to figure out where I went
wrong versus our production machines in the office...

General details:
AFS Cell: qwe.cc
Kerberos: QWE.CC

One of the issues is that I'm using DNS for Kerberos resolution, but I
don't control the in-arpa records, so I have to hack around a bit w/ the
default_realm, etc, and I suspect this is part of the problem.

Anywho, when I try to aklog, I get:
aklog: Couldn't get qwe.cc AFS tickets:
aklog: Server not found in Kerberos database while getting AFS ticket

Which in itself is usually an indication of a Kerberos problem...  Which it
is, as, when examined in the logs, you see:

Mar 19 12:14:43 michelangelo.qwe.cc krb5kdc[853](info): TGS_REQ (7
etypes {18 17 16 23 1 3 2}) 69.162.159.65: UNKNOWN_SERVER: authtime
1079716481,  jnurmi@QWE.CC for krbtgt/CC@QWE.CC, Server not found in
Kerberos database

If I add a krbtgt/CC principal (and ktab it) it instead balks on DNS,
looking for _kerberos._tcp.CC which, while I could do even _more_ hacks
to make it work, that just seems dirty dirty dirty.

Any clue why AFS wants to talk to CC instead of QWE.CC, and further, how
to fix it?

Thanks in advance,

James Nurmi
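
Added example, not part of the original post: a small parser for the krb5kdc TGS_REQ line quoted above. It extracts the client and the requested service, and flags an UNKNOWN_SERVER request for a cross-realm krbtgt whose target realm is a parent suffix of the issuing realm, as in krbtgt/CC@QWE.CC. The function names, the labels and the second sample line are assumptions of this example; the first sample line is the one from the post, joined onto one line.

```python
import re

# Layout of a krb5kdc TGS_REQ line as quoted in the post. The optional
# "etypes {...}" group after authtime is assumed for successfully issued tickets.
TGS_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): TGS_REQ .*? (?P<addr>[\d.]+): (?P<status>[A-Z_]+): "
    r"authtime (?P<authtime>\d+),\s+(?:etypes \{[^}]*\},\s+)?"
    r"(?P<client>\S+) for (?P<service>[^,\s]+)"
)

# Log line from the post, joined onto one line.
PAGE_LINE = (
    "Mar 19 12:14:43 michelangelo.qwe.cc krb5kdc[853](info): TGS_REQ (7 "
    "etypes {18 17 16 23 1 3 2}) 69.162.159.65: UNKNOWN_SERVER: authtime "
    "1079716481,  jnurmi@QWE.CC for krbtgt/CC@QWE.CC, Server not found in "
    "Kerberos database"
)
# Constructed for contrast (not from the post): an issued ticket for the cell.
CONSTRUCTED_LINE = (
    "Mar 19 12:20:01 michelangelo.qwe.cc krb5kdc[853](info): TGS_REQ (7 "
    "etypes {18 17 16 23 1 3 2}) 69.162.159.65: ISSUE: authtime 1079716481, "
    "etypes {rep=16 tkt=16 ses=16}, jnurmi@QWE.CC for afs/qwe.cc@QWE.CC"
)

def parse_tgs(line):
    """Return the addr/status/authtime/client/service fields, or None."""
    m = TGS_RE.search(line)
    return m.groupdict() if m else None

def classify(rec):
    """Label a parsed record; the labels are this example's own."""
    if rec["status"] != "UNKNOWN_SERVER":
        return rec["status"].lower()
    name, _, realm = rec["service"].rpartition("@")
    comps = name.split("/")
    if comps[0] == "krbtgt" and len(comps) == 2 and comps[1] != realm:
        # The client asked this KDC for a TGT to a different realm.
        if realm.lower().endswith("." + comps[1].lower()):
            # Target is a parent suffix of the issuing realm (CC vs QWE.CC):
            # a cue to review how the client maps the service to a realm.
            return "cross-realm-to-parent"
        return "cross-realm-other"
    return "unknown-service"

if __name__ == "__main__":
    for line in (PAGE_LINE, CONSTRUCTED_LINE):
        rec = parse_tgs(line)
        print(classify(rec), rec["client"], "->", rec["service"])
```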