[OpenAFS] aklog oddness?

Sean Kelly smkelly@rooster.creighton.edu
Tue, 20 Dec 2005 14:18:31 -0600

I've installed OpenAFS 1.4.0 on two RHEL AS 3 machines for testing. They
both use Kerberos 5, aklog, and all that good stuff. They seem to be
working perfectly, except if I do a second `aklog` after logging in and
getting my ticket from pam_krb5afs, it breaks:

g4:~ smkelly$ ssh <testhost-1>.creighton.edu
smkelly@<testhost-1>.creighton.edu's password: 
[smkelly@<testhost-1> smkelly]$ pwd
[smkelly@<testhost-1> smkelly]$ ls
[smkelly@<testhost-1> smkelly]$ aklog -d
Authenticating to cell creighton.edu (server <testhost-1>.creighton.edu).
We've deduced that we need to authenticate to realm CREIGHTON.EDU.
Getting tickets: afs/creighton.edu@CREIGHTON.EDU
Principal not found, trying alternate service name: afs/@CREIGHTON.EDU
About to resolve name smkelly to id in cell creighton.edu.
Id 500
Set username to AFS ID 500
Setting tokens. AFS ID 500 /  @ CREIGHTON.EDU 
[smkelly@<testhost-1> smkelly]$ ls
ls: .: Permission denied
[smkelly@<testhost-1> /]$ bos listhosts <testhost-1>
bos: failed to get cell name (ticket contained unknown key version number)

Any idea what the problem could be? Why does running aklog a second time
break me? Even with a -force it is broken.


Sean M. Kelly
Unix Systems Architect
Division of Information Technology
Creighton University