[OpenAFS] Problms with Kerberos 5 & AFS and tokens, permissions

Sergio Gelato Sergio.Gelato@astro.su.se
Wed, 16 Mar 2005 09:16:56 +0100


* Lars Schimmer [2005-03-16 05:00:13 +0100]:
> Thx for answer. The problem is NOT getting any tokens. I managed to
> kinit, get my authentification from kerberos5 and I managed to aklog and
> got my token.
> So for my view I used: kinit user - OK
> aklog - OK
> After trying to list my token with "tokens" I view the standard line
> like I got tokens with klog over normal kaserv from OpenAFS builtin
> kerberos4. Really, it doesn?t differ.
> But with this token (got by aklog) I can?t access directorys which I can
> access with the token I got with klog. And tokens prints out the same
> information both times.

Unfortunately, that doesn't mean you got the same token in both cases.

What service principal are you using for your AFS cell? Is it
afs/cell@REALM or simply afs@REALM ? If both principals are known to the
KDC, you may be running into consistency problems.

While you're at it, show us the kvno and enctype for the key in the AFS
keyfile on the servers; then the output of "klist -v" after a kinit+aklog
sequence. It would also be helpful if you could run aklog with the -d
option and include the debugging output produced.

> Thats my problem... I assume I miss something I should have been done...