[OpenAFS] Re: OpenAFS + Kerb5

Jeff Blaine jblaine@mitre.org
Wed, 15 Feb 2006 11:09:16 -0500


First, thanks for the previous responses.

I don't suppose there is any sort of write-up, FAQ,
or notes on AFS + Kerberos 5?

It's not looking to be a pleasant experience from what
I can see so far with the first thing tried:

   # klog.krb -setpag jblaine
   Unable to authenticate because AFS user doesn't exist.
   # klog.krb -setpag jblaine@JBTEST
   Unable to authenticate because AFS user doesn't exist.

   kadmin.local:  getprinc jblaine
   Principal: jblaine@JBTEST
   ...etc...

I also notice that shutting down kaserver is not allowed,
even when using the .krb versions of binaries.

Am I understanding things correctly in that both ka and
kdc have to know about every user separately (!!!) ?
The klog.krb command above works after I create 'jblaine'
with kas.

There has to be something fundamental I am not privvy to.
Having administered an Transarc/IBM AFS cell for 8 years
now, I'm feeling pretty stupid when poking at this.