[OpenAFS] Aklog can't get tokens

Jason C. Wells jcw@highperformance.net
Sun, 09 Jan 2005 13:35:34 -0800


I can no longer use aklog to get tokens.  I haven't tinkered with AFS or 
Kerberos for some time now.  How this error suddenly manifested is a 
mystery to me.  The error messages I am getting don't make any sense to me. 
I am kind of stuck.

This is a transcript from my Redhat client which is also my server.  The 
KDCs are on different machines.

[jcw@s3 jcw]$ aklog -d
Authenticating to cell stradamotorsports.com (server 
s3.stradamotorsports.com).
We've deduced that we need to authenticate to realm STRADAMOTORSPORTS.COM.
Getting tickets: afs/stradamotorsports.com@STRADAMOTORSPORTS.COM
Kerberos error code returned by get_cred: -1765328228
aklog: Couldn't get stradamotorsports.com AFS tickets:
aklog: Cannot contact any KDC for requested realm while getting AFS tickets
[jcw@s3 jcw]$ klist
Ticket cache: FILE:/tmp/krb5cc_p3885
Default principal: jcw@STRADAMOTORSPORTS.COM

Valid starting     Expires            Service principal
01/09/05 13:18:50  01/09/05 23:18:50 
krbtgt/STRADAMOTORSPORTS.COM@STRADAMOTORSP
ORTS.COM
01/09/05 13:18:57  01/09/05 23:18:50  afs@STRADAMOTORSPORTS.COM


Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached

By grepping the sources I see that the error code is KRB5_KDC_UNREACH.  I 
know that's not true because I got kerberos tickets for 
afs@STRADAMOTORSPORTS.COM.  This seems illogical.  The more likely 
explanation is that I misunderstand what I am observing.  Would someone 
please provide some insight to help me get unstuck.

Odd thing is, the only hit that google returns was for me reporting this 
same problem a long time ago. That response doesn't seem to help this time 
through.

Thanks,
Jason C. Wells