[OpenAFS] Debian - openafs -noauth problems
Madhusudan Singh
singh.madhusudan@gmail.com
Fri, 19 Aug 2005 23:15:08 -0400
Thanks for your response.
On Friday 19 August 2005 10:02 pm, Russ Allbery wrote:
> Madhusudan Singh <singh.madhusudan@gmail.com> writes:
> > omega:~# pts exam 2
> > libprot: a pioctl failed Could not get afs tokens, running
> > unauthenticated. Name: zzzz, id: 2, owner: system:administrators,
> > creator: anonymous, membership: 1, flags: S----, group quota: unlimited.
>
> Okay. That looks fine.
>
> When you try to run fs sa, does your token disappear? If you run tokens
> afterwards, in other words, do you no longer have a token?
Let us see :
After getting tickets (kinit zzzz) and tokens (aklog cell -k realm) :
omega:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: zzzz@KERBEROS.DOMAIN.EDU
Valid starting Expires Service principal
08/19/05 23:08:34 08/20/05 09:07:55
krbtgt/KERBEROS.DOMAIN.EDU@KERBEROS.DOMAIN.EDU
08/19/05 23:08:42 08/20/05 09:07:55 afs/omega.domain.edu@KERBEROS.DOMAIN.EDU
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
omega:~# tokens
Tokens held by the Cache Manager:
User's (AFS ID 2) tokens for afs@omega.domain.edu [Expires Aug 20 09:07]
--End of list--
Now I try to set ACL's :
omega:~# fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
omega:~# tokens
Tokens held by the Cache Manager:
User's (AFS ID 2) tokens for afs@omega.domain.edu [Expires Aug 20 09:07]
--End of list--
>
> If so, there should be a kernel message in syslog explaining why the
> tokens were discarded and giving an error code. You can translate that
> error code to a message with the command translate_et.
It does not seem that the tokens were discarded.