[OpenAFS] Problms with Kerberos 5 & AFS and tokens, permissions

Lars Schimmer schimmer@cg.cs.tu-bs.de
Wed, 16 Mar 2005 05:00:13 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kevin schrieb:
| On Tue, 2005-03-15 at 16:27 +0100, Lars Schimmer wrote:
|
|
|>Ok, these are my first steps with kerberos 5 and I'm willing to learn,
but why
|>does OpenAFS not accept my valid tokens? I assumed with a valid token
I can
|>access the OpenAFS tree...
|>Any hints?

| Based on what you've written here, it's not clear to me exactly what the
| problem is, aside from: you run kinit, aklog, and try to access a
| directory on an AFS volume that you expect this user should have
| privileges on and fail.  Is that about right?
|
| Have you run the tokens command to examine the tokens held by the Cache
| Manager?  I'd say that would be a good thing to do if you haven't
| already.  It's kind-of the AFS equivalent of klist (for examining your
| tickets) in kerberos.
|
| If I understood correctly, you are having some problems getting tokens
| with aklog.  Perhaps your configuration is not quite right.

Thx for answer. The problem is NOT getting any tokens. I managed to
kinit, get my authentification from kerberos5 and I managed to aklog and
got my token.
So for my view I used: kinit user - OK
aklog - OK
After trying to list my token with "tokens" I view the standard line
like I got tokens with klog over normal kaserv from OpenAFS builtin
kerberos4. Really, it doesn?t differ.
But with this token (got by aklog) I can?t access directorys which I can
access with the token I got with klog. And tokens prints out the same
information both times.
Thats my problem... I assume I miss something I should have been done...

Thx,
Lars
- --
- -----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109            E-Mail: schimmer@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFCN69MVguzrLh6DgMRAr9mAJ9ipRmpSXLdlcEuUV5fy0EUZJ/WtgCdFOcZ
oYqvqoWy+UbJ14PMUkcAh4c=
=pfXm
-----END PGP SIGNATURE-----