[OpenAFS] Kerberos troubles... (addl)

Douglas E. Engert deengert@anl.gov
Sat, 20 Mar 2004 13:43:27 -0600 

"James D. Nurmi" wrote:
> 
> (In response to a question I'm sure to recieve, since when I poked around
> the archives, it mentioned the domain_realm section, but from what I can see,
> It looks to be right.  I've removed references to my work machines, but modified
> nothing else.  kinit works perfectly either way for both realms)
> 
> After poking around and doing an aklog -d, it's convinced that I should
> be in the kerberos realm CC,

You as the user are in the realm QWE.CC as you said kinit works. aklog is 
trying to get a ticket for the AFS cell and needs to contact the realm of the cell. 
What is the name of the cell? What is the name of the server with the cell?
What is the output of aklog -d? 


? even though kinit works fine w/ the setup
> I've got.  (Adelphia is my (home) ISP, QWE.CC is
> my home realm, qwe.cc is my home machine and the previous references to
> michelangelo are simply CNames to qwe.cc proper,  the same machine) .
> 
> Relevant krb5.conf pasted below:
> 
> [libdefaults]
>         default_realm = QWE.CC
> # The following krb5.conf variables are only for MIT Kerberos.
>         krb4_config = /etc/krb.conf
>         krb4_realms = /etc/krb.realms
>         dns_lookup_realm = false
>         kdc_timesync = 1
>         ccache_type = 4
>         forwardable = true
>         proxiable = true
> # The following encryption type specification will be used by MIT
> Kerberos
> # if uncommented.  In general, the defaults in the MIT Kerberos code
> # are correct and overriding these specifications only serves to disable
> # new encryption types as they are added, creating interoperability
> problems.
> #       default_tgs_enctypes = aes256-cts arcfour-hmac-md5
> des3-hmac-sha1 des-cb
> c-crc des-cbc-md5
> #       default_tkt_enctypes = aes256-cts arcfour-hmac-md5
> des3-hmac-sha1 des-cb
> c-crc des-cbc-md5
> #permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
> des-cbc-crc des
> -cbc-md5
> 
> # The following libdefaults parameters are only for Heimdal Kerberos.
>         v4_instance_resolve = false
>         v4_name_convert = {
>                 host = {
>                         rcmd = host
>                         ftp = ftp
>                 }
>                 plain = {
>                         something = something-else
>                 }
>         }
> 
> [realms]
> QWE.CC = {
> #       kdc = qwe.cc
>         admin_server = qwe.cc
> }
> 
> [domain_realm]
>         .qwe.cc      = QWE.CC
>         qwe.cc       = QWE.CC
>         .adelphia.net = QWE.CC
>         adelphia.net = QWE.CC
> [login]
>         krb4_convert = true
>         krb4_get_tickets = true
> 
> [logging]
>         kdc = FILE:/var/log/kerberos/krb5kdc.log
>         admin_server = FILE:/var/log/kerberos/kadmin.log
>         default = FILE:/var/log/kerberos/kerberos.log
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444