[OpenAFS] AFS + Kerberos

Maurizio Santini msantini@pictage.com
Tue, 18 Jan 2005 18:32:03 -0300


Does anyone know how to circumnavigate this kind of egg/chicken problem?

I'm trying to make the kvno for a testuser match the entry in
/etc/krb5.keytab and the KeyFile but every time I do so using "ktadd" I
have to change the password for the user.  As a consequence the kvno
gets increased by one and I have the same problem again.

I'm doing this because I get the error "security object was passed a bad
ticket" and I think it's because there's a key mismatch (please correct
me if I'm wrong).

aklog seems to work but If a try to create a file a get 'Permission
denied'. The "tokens" command says "User's (AFS ID 828) tokens for
afs@test.pictage.com.ar" which is correct.

------klist output------
Ticket cache: FILE:/tmp/krb5cc_608
Default principal: testuser@TEST.PICTAGE.COM.AR

Valid starting     Expires            Service principal
01/18/05 17:42:56  01/19/05 03:42:54 
krbtgt/TEST.PICTAGE.COM.AR@TEST.PICTAGE.COM.AR
01/18/05 17:43:10  01/19/05 03:42:54  testuser@TEST.PICTAGE.COM.AR
01/18/05 18:06:44  01/19/05 03:42:54
afs/test.pictage.com.ar@TEST.PICTAGE.COM.AR
------------------------

I'm using KerberosV-1.3.5, OpenAFS 1.2.11 and RHL 7.3

Regards,

Maurizio Santini
System administrator
TenRoses