[OpenAFS] AFS + Kerberos
Derrick J Brashear
shadow@dementia.org
Wed, 19 Jan 2005 23:09:41 -0500 (EST)
On Tue, 18 Jan 2005, Maurizio Santini wrote:
> Does anyone know how to circumnavigate this kind of egg/chicken problem?
>
> I'm trying to make the kvno for a testuser match the entry in
> /etc/krb5.keytab and the KeyFile but every time I do so using "ktadd" I
> have to change the password for the user. As a consequence the kvno
> gets increased by one and I have the same problem again.
stop using ktadd?
> I'm doing this because I get the error "security object was passed a bad
> ticket" and I think it's because there's a key mismatch (please correct
> me if I'm wrong).
Well, the kvno mismatch would be for the afs principal, not the user. So
the bosserver and the other servers would find the wrong version in the
KeyFile (not the one that matches what the kdc has)