[OpenAFS] KerberosV + AFS
Maurizio Santini
msantini@pictage.com.ar
Thu, 11 Nov 2004 16:43:43 -0300
I've installed MIT kerberosV 1.3.5 and openafs 1.2.11 on redhat 9 and
redhat 7.3 (master kdc). I think I'm closer than ever to make things
work but I'm still running into problems.
------------------LOG MESSAGE----------------
login[6311]: pam_krb5afs: authentication succeeds for `testuser'
login[6311]: pam_krb5afs: v4 ticket conversion succeeded for `testuser'
login(pam_unix)[6311]: session opened for user testuser by (uid=0)
testuser[6311]: LOGIN ON tty1 BY testuser
kernel: afs: Tokens for user of AFS id 0 for cell test.pictage.com.ar
are discarded (rxkad error=19270408)
---------------------------------------------
klist shows like I have a token but if I try to "touch" a file it gives
permission denied.
---------------------------------------------
Ticket cache: FILE:/tmp/krb5cc_828_RpEUWZ
Default principal: testuser@TEST.PICTAGE.COM.AR
Valid starting Expires Service principal
11/11/04 15:42:44 11/12/04 01:42:44
krbtgt/TEST.PICTAGE.COM.AR@TEST.PICTAGE.COM.AR
renew until 11/12/04 01:42:44
Kerberos 4 ticket cache: /tmp/tkt828_WncZXj
Principal: testuser@TEST.PICTAGE.COM.AR
Issued Expires Principal
11/11/04 15:42:44 11/12/04 01:42:44
krbtgt.TEST.PICTAGE.COM.AR@TEST.PICTAGE.COM.AR
11/11/04 15:42:44 11/12/04 01:42:44
afs.test.pictage.com.ar@TEST.PICTAGE.COM.AR
---------------------------------------------
As far as I could see from previous emails the problem seems to be a
difference in the key version number for the afs-service in
AFS-Server-Key and Kerberos key or the encryption types.
How could I check that and make sure that things match?
Thank you for your help.
Maurizio Santini
System administrator
Ten Roses SRL