[OpenAFS] Kerberos troubles... (addl)
James D. Nurmi
jnurmi@qwe.cc
Fri, 19 Mar 2004 13:21:09 -0500
(In response to a question I'm sure to receive, since when I poked around
the archives, it mentioned the domain_realm section, but from what I can see,
it looks to be right. I've removed references to my work machines, but modified
nothing else. kinit works perfectly either way for both realms.)
After poking around and doing an aklog -d, it's convinced that I should
be in the kerberos realm CC, even though kinit works fine w/ the setup
I've got. (Adelphia is my (home) ISP, QWE.CC is
my home realm, qwe.cc is my home machine and the previous references to
michelangelo are simply CNAMEs to qwe.cc proper, the same machine).
Relevant krb5.conf pasted below:
[libdefaults]
    default_realm = QWE.CC

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    dns_lookup_realm = false
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code
# are correct and overriding these specifications only serves to disable
# new encryption types as they are added, creating interoperability problems.
# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
#permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }

[realms]
    QWE.CC = {
#       kdc = qwe.cc
        admin_server = qwe.cc
    }

[domain_realm]
    .qwe.cc = QWE.CC
    qwe.cc = QWE.CC
    .adelphia.net = QWE.CC
    adelphia.net = QWE.CC

[login]
    krb4_convert = true
    krb4_get_tickets = true

[logging]
    kdc = FILE:/var/log/kerberos/krb5kdc.log
    admin_server = FILE:/var/log/kerberos/kadmin.log
    default = FILE:/var/log/kerberos/kerberos.log