[OpenAFS] Re: OpenAFS aklog returns token only for afs@cellname
tedc
tcreedon@easystreet.com
Sun, 12 Feb 2006 01:56:25 -0800
Christopher D. Clausen wrote:
> ted creedon <tcreedon@easystreet.com> wrote:
>> A remote box gets a krb5 ticket for admin@CELLNAME but aklog returns
>> without the user's (afs id 1) identification for the token.
>>
>> The Kerberos server and afs server are on the same central box.
>
> What does aklog -d return?
>
> <<CDC
> yno:~ # aklog -d
> Authenticating to cell home.ted-doris.fam (server
> nome.home.ted-doris.fam).
> We've deduced that we need to authenticate to realm HOME.TED-DORIS.FAM.
> Getting tickets: afs/home.ted-doris.fam@HOME.TED-DORIS.FAM
> Using Kerberos V5 ticket natively
> About to resolve name admin to id in cell home.ted-doris.fam.
> Error -1
> Set username to admin
> Setting tokens. admin / @ HOME.TED-DORIS.FAM
> Tokens held by the Cache Manager:
>
> Tokens for afs@home.ted-doris.fam [Expires Feb 12 13:04]
> --End of list--
> It should be noted that the server is behind a firewall and NetInfo
> was set up to deal with this. vos listaddrs looks OK.