[OpenAFS] Problems with Kerberos 5 & AFS and tokens, permissions

Kevin openafs@gnosys.biz
Tue, 15 Mar 2005 15:58:01 -0500


On Tue, 2005-03-15 at 16:27 +0100, Lars Schimmer wrote:

> Ok, these are my first steps with kerberos 5 and I'm willing to learn, but why
> does OpenAFS not accept my valid tokens? I assumed with a valid token I can
> access the OpenAFS tree...
> Any hints?

Hi Lars-

I've been running an integrated kerberos5/openafs system for about 1-2
years now, integrating the two with Ken Hornstein's migration kit, so
I'm certainly no AFS guru but I might be able to help.

Based on what you've written here, it's not clear to me exactly what the
problem is, aside from: you run kinit, aklog, and try to access a
directory on an AFS volume that you expect this user should have
privileges on and fail.  Is that about right?

Have you run the tokens command to examine the tokens held by the Cache
Manager?  I'd say that would be a good thing to do if you haven't
already.  It's kind of the AFS equivalent of klist (for examining your
tickets) in kerberos.

If I understood correctly, you are having some problems getting tokens
with aklog.  Perhaps your configuration is not quite right.

Are you using the Quick Beginnings Guide as a general guide (can't
follow exactly of course because it assumes you're using kaserv for auth
instead of kerberos5)?  If so, then perhaps you could explain exactly
where in that guide things go differently with your system than you
would expect or than is indicated in the guide.  If you'll supply some
of that detail, then I might be able to help.  Someone else here can
perhaps understand your issue better and offer help directly, too.


-- 
-Kevin
http://www.gnosys.us