[OpenAFS] Problems with Kerberos 5 & AFS and tokens, permissions
Lars Schimmer
schimmer@cg.cs.tu-bs.de
Wed, 16 Mar 2005 10:34:48 +0100
Sergio Gelato wrote:
| Unfortunately, that doesn't mean you got the same token in both cases.
|
| What service principal are you using for your AFS cell? Is it
| afs/cell@REALM or simply afs@REALM ? If both principals are known to the
| KDC, you may be running into consistency problems.
I use the Debian packages, and there is a README.gz along with them that I
followed. I set up the principal afs@CG.CS.TU-BS.DE in the first place.
asetkey list gave a kvno of 0 for the afs key, so I used:
% kadmin.local -q "modprinc -kvno 0 afs@YOUR.CELL.NAME"
then
kadmin: ktadd -k /etc/krb5.keytab afs@YOUR.CELL.NAME
after that
asetkey add 1 /etc/krb5.keytab afs
and then I removed the afs principal:
kadmin: ktremove -k /etc/krb5.keytab afs@YOUR.CELL.NAME all
After that I manually copy the afs-Keyfile to all fileservers.
| While you're at it, show us the kvno and enctype for the key in the AFS
| keyfile on the servers; then the output of "klist -v" after a kinit+aklog
| sequence. It would also be helpful if you could run aklog with the -d
| option and include the debugging output produced.
OK, let's go:
aklog -d
Authenticating to cell cg.cs.tu-bs.de (server afsmaster.cg.cs.tu-bs.de).
We've deduced that we need to authenticate to realm CG.CS.TU-BS.DE.
Getting tickets: afs/cg.cs.tu-bs.de@CG.CS.TU-BS.DE
About to resolve name schimmer to id in cell cg.cs.tu-bs.de.
Id 5584
Set username to AFS ID 5584
Setting tokens. AFS ID 5584 / @ CG.CS.TU-BS.DE
asetkey list
kvno 0: key is: YYYYYf855XXXXXXX
kvno 1: key is: YYYYY80e2XXXXXXX
Enctype, huh, haven't made anything special.
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: schimmer@CG.CS.TU-BS.DE
Valid starting     Expires            Service principal
03/16/05 10:19:17  03/16/05 20:19:15  krbtgt/CG.CS.TU-BS.DE@CG.CS.TU-BS.DE
03/16/05 10:19:20  03/16/05 20:19:15  afs@CG.CS.TU-BS.DE
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
That's all I can provide right now...
Thx for your help
Cya
Lars
--
-----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109 E-Mail: schimmer@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03
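Added example, not part of the original message and not OpenAFS code: a small Python parser that puts the diagnostics requested in this thread side by side, so a difference between the service principal aklog asked for and the AFS ticket actually in the cache is visible at a glance. The function names are hypothetical, and the sample input is constructed from the output formats quoted above, with the key material replaced.

```python
# Constructed sample input, in the formats quoted in the message above.
AKLOG_DEBUG = """\
Authenticating to cell cg.cs.tu-bs.de (server afsmaster.cg.cs.tu-bs.de).
We've deduced that we need to authenticate to realm CG.CS.TU-BS.DE.
Getting tickets: afs/cg.cs.tu-bs.de@CG.CS.TU-BS.DE
Setting tokens. AFS ID 5584 / @ CG.CS.TU-BS.DE
"""
KLIST = """\
Default principal: schimmer@CG.CS.TU-BS.DE
Valid starting     Expires            Service principal
03/16/05 10:19:17  03/16/05 20:19:15  krbtgt/CG.CS.TU-BS.DE@CG.CS.TU-BS.DE
03/16/05 10:19:20  03/16/05 20:19:15  afs@CG.CS.TU-BS.DE
"""
ASETKEY_LIST = """\
kvno 0: key is: (redacted)
kvno 1: key is: (redacted)
"""

def requested_principals(aklog_debug):
    """Service principals that `aklog -d` reported requesting."""
    prefix = "Getting tickets:"
    return [line[len(prefix):].strip()
            for line in aklog_debug.splitlines() if line.startswith(prefix)]

def cached_afs_principals(klist_out):
    """AFS service principals (afs@REALM or afs/cell@REALM) in the ticket cache."""
    found = []
    for line in klist_out.splitlines():
        fields = line.split()
        # Ticket rows have five fields: start date/time, expiry date/time, principal.
        if len(fields) == 5 and fields[4].split("@")[0].split("/")[0] == "afs":
            found.append(fields[4])
    return found

def keyfile_kvnos(asetkey_out):
    """Key version numbers listed by `asetkey list`."""
    return [int(line.split()[1].rstrip(":"))
            for line in asetkey_out.splitlines() if line.startswith("kvno ")]

def report(aklog_debug, klist_out, asetkey_out):
    requested = requested_principals(aklog_debug)
    cached = cached_afs_principals(klist_out)
    return {
        "requested": requested,
        "cached": cached,
        # Names aklog asked for that are absent from the cache.
        "requested_not_cached": [p for p in requested if p not in cached],
        "keyfile_kvnos": keyfile_kvnos(asetkey_out),
    }

if __name__ == "__main__":
    print(report(AKLOG_DEBUG, KLIST, ASETKEY_LIST))
```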