[OpenAFS] Kerberos troubles... (addl)

James D. Nurmi jnurmi@qwe.cc
Fri, 19 Mar 2004 13:21:09 -0500


(In response to a question I'm sure to receive: when I poked around
the archives, they mentioned the domain_realm section, but from what I can see,
it looks to be right.  I've removed references to my work machines, but modified
nothing else.  kinit works perfectly either way for both realms.)

After poking around and doing an aklog -d, aklog is convinced that I should
be in the Kerberos realm CC, even though kinit works fine w/ the setup
I've got.  (Adelphia is my (home) ISP, QWE.CC is
my home realm, qwe.cc is my home machine, and the previous references to
michelangelo are simply CNAMEs to qwe.cc proper, the same machine.)

Relevant krb5.conf pasted below:

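[libdefaults]
# Library-wide client defaults. The mail archive hard-wrapped several comment
# lines in this section; they are rejoined here so that every line is again
# either a comment or a setting.

# Realm assumed for principals given without an explicit @REALM.
        default_realm = QWE.CC
# The following krb5.conf variables are only for MIT Kerberos.
# Kerberos 4 compatibility files (krb4 is obsolete; these matter only for
# legacy krb4 / ticket-conversion setups).
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
# Realm lookup through DNS is switched off, so host-to-realm mapping is taken
# from [domain_realm] rather than from DNS records.
        dns_lookup_realm = false
# Nonzero: the client corrects for the clock offset it sees in KDC replies.
        kdc_timesync = 1
# Credential cache format version.
        ccache_type = 4
# Request forwardable and proxiable initial tickets by default.
# NOTE(review): a forwardable TGT can be delegated to remote hosts; keep this
# on only if delegation is actually needed.
        forwardable = true
        proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code
# are correct and overriding these specifications only serves to disable
# new encryption types as they are added, creating interoperability problems.
# NOTE(review): the lists below also name single-DES types (des-cbc-crc,
# des-cbc-md5), which are weak; leaving all three lines commented out keeps
# the library defaults in force.
#       default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
#       default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
#permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5

# The following libdefaults parameters are only for Heimdal Kerberos.
# Rules for converting Kerberos 4 principal names.
# NOTE(review): v4_instance_resolve presumably controls hostname resolution
# during that conversion - confirm against the Heimdal documentation.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }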

[realms]
# Per-realm server locations for QWE.CC.
# NOTE(review): the kdc entry is commented out, so no KDC is named here; the
# post says kinit still works, so the KDC is presumably being located some
# other way (e.g. DNS) - confirm.
QWE.CC = {
#       kdc = qwe.cc
        admin_server = qwe.cc
}

[domain_realm]
# Host/domain to realm mapping. An entry with a leading dot matches every host
# under that domain; an entry without one matches that exact hostname.
# NOTE(review): the post reports that aklog still picks realm CC despite the
# exact-host entry for qwe.cc, so aklog may not be consulting this table the
# way kinit's library does - confirm.
        .qwe.cc      = QWE.CC
        qwe.cc       = QWE.CC
# NOTE(review): these two entries map the whole ISP domain, not just the home
# machine, to QWE.CC; a mapping limited to the specific hostname would be
# narrower.
        .adelphia.net = QWE.CC
        adelphia.net = QWE.CC
[login]
# Kerberos 4 ticket handling at login (presumably read by a Kerberos-aware
# login program - confirm). Both settings are enabled here.
# NOTE(review): Kerberos 4 is obsolete and DES-based; keep these on only while
# a legacy krb4 consumer still requires them.
        krb4_convert = true
        krb4_get_tickets = true

[logging]
# Log destinations: one file each for the KDC and the admin server, plus a
# default file for anything else.
# NOTE(review): these logs presumably record principal names and client
# addresses; restrict access to /var/log/kerberos accordingly.
        kdc = FILE:/var/log/kerberos/krb5kdc.log
        admin_server = FILE:/var/log/kerberos/kadmin.log
        default = FILE:/var/log/kerberos/kerberos.log