[OpenAFS] KerberosV + AFS
Maurizio Santini
msantini@pictage.com.ar
Thu, 25 Nov 2004 16:14:34 -0300
I've the following problem with MIT kerberosV 1.3.5 and openafs 1.2.11
on redhat 7.3.
------------------LOG MESSAGE----------------
login[6311]: pam_krb5afs: authentication succeeds for `testuser'
login[6311]: pam_krb5afs: v4 ticket conversion succeeded for `testuser'
login(pam_unix)[6311]: session opened for user testuser by (uid=0)
testuser[6311]: LOGIN ON tty1 BY testuser
kernel: afs: Tokens for user of AFS id 0 for cell test.pictage.com.ar
are discarded (rxkad error=19270408)
-------------------------------------
klist shows like I have a token but if I try to "touch" a file it gives
permission denied.
---------------------------------------------
Ticket cache: FILE:/tmp/krb5cc_828_RpEUWZ
Default principal: testuser@TEST.PICTAGE.COM.AR
Valid starting Expires Service principal
11/11/04 15:42:44 11/12/04 01:42:44
krbtgt/TEST.PICTAGE.COM.AR@TEST.PICTAGE.COM.AR
renew until 11/12/04 01:42:44
Kerberos 4 ticket cache: /tmp/tkt828_WncZXj
Principal: testuser@TEST.PICTAGE.COM.AR
Issued Expires Principal
11/11/04 15:42:44 11/12/04 01:42:44
krbtgt.TEST.PICTAGE.COM.AR@TEST.PICTAGE.COM.AR
11/11/04 15:42:44 11/12/04 01:42:44
afs.test.pictage.com.ar@TEST.PICTAGE.COM.AR
---------------------------------------------
The problem seems to be a difference in the key version number for the
afs-service in AFS-Server-Key and Kerberos key or the encryption types.
How could I check that and make sure that things match?
Thank you for your help.
Maurizio Santini
System administrator
Ten Roses SRL