[OpenAFS] Old Cell new key - problem... help wanted
Lars Schimmer
l.schimmer@cgv.tugraz.at
Tue, 30 Aug 2005 13:50:23 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
It's me again...
Now I setup the old cell with a new key.
My steps:
kadmin.local -e des-cbc-crc:v4 -q "addprinc
afs/cgv.tugraz.at@CGKV.TUGRAZ.AT"
admin.local -q "modprinc -kvno 0 afs/cgv.tugraz.at@CGKV.TUGRAZ.AT"
kadmin.local -e des-cbc-crc:v4 -q "ktadd -k /etc/krb5.keytab
afs/cgv.tugraz.at@CGKV.TUGRAZ.AT"
asetkey add 1 /etc/krb5.keytab afs/cgv.tugraz.at
After that copy keyfile to 2nd fileserver, reboot both and kinit/aklog.
OK, ticket and token are available.
But now I still can't access the cell, permission denied.
And a vos release command tells me:
rxk: security object was passed a bad ticket
Something went wrong, but what?
ktutil l tells me:
slot KVNO Principal
- ---- ----
- ---------------------------------------------------------------------
1 4 admin/admin@CGKV.TUGRAZ.AT
2 4 admin/admin@CGKV.TUGRAZ.AT
3 5 admin@CGKV.TUGRAZ.AT
4 5 admin@CGKV.TUGRAZ.AT
5 2 root/admin@CGKV.TUGRAZ.AT
6 2 root/admin@CGKV.TUGRAZ.AT
7 1 afs/cgv.tugraz.at@CGKV.TUGRAZ.AT
asetkey list:
kvno 0: key is: XXXXXXXfa48fYYYY
kvno 1: key is: XXXXXXX2790YYYYY
So the KVNO are the same.
What could be wrong at all?
Cya
Lars
- --
- -------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel.: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
PGP-Key-ID: 0xB87A0E03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDFEf/VguzrLh6DgMRAsStAKC7URytIlSEjDXNCdaFKhew1q7aYgCgjFMw
Lp87WZzXDTqn0eHQv++Y4GY=
=KKo1
-----END PGP SIGNATURE-----