[OpenAFS] Cache manager does not show (can not get) user token.

Mustafa A. Hashmi mahashmi@gmail.com
Tue, 14 Mar 2006 12:46:35 +0500


I've run into a small problem with our openAFS installation. Running
debian sarge and following Russ Allbery's instructions as found on:
I have managed to get to the following command this far:

bos status server-name

This results in the error:
bos: failed to contact host's bosserver (security object was passed a
bad ticket).

Below are quite brief details of the initialization:

#: kdestroy ; unlog
#: kinit mustafa.hashmi/admin
Password for mustafa.hashmi/admin@EMERGEN.BIZ

# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: mustafa.hashmi/admin@EMERGEN.BIZ

Valid starting     Expires            Service principal
03/14/06 12:14:02  03/14/06 22:14:01  krbtgt/EMERGEN.BIZ@EMERGEN.BIZ
        Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple
DES cbc mode with HMAC/sha1

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

# aklog -d node30.emergen.biz -k EMERGEN.BIZ
Authenticating to cell node30.emergen.biz (server node30.emergen.biz).
We were told to authenticate to realm EMERGEN.BIZ.
Getting tickets: afs/node30.emergen.biz@EMERGEN.BIZ
About to resolve name mustafa.hashmi.admin to id in cell node30.emergen.biz=
Id 32766
Set username to mustafa.hashmi.admin
Setting tokens. mustafa.hashmi.admin /  @ EMERGEN.BIZ

# tokens

Tokens held by the Cache Manager:

Tokens for afs@node30.emergen.biz [Expires Mar 14 22:14]
   --End of list--

The cache manager doesn't seem to be holding any tokens at this point
for my user.

Just to add, the KDC service is on a different server than the
openafs-dbserver, and I have added the REALM as required in

Initially I was under the impression the problem was a mismatch in the
kvno number, however, that was just lack of attention on my part when
looking at the output from 'tokens'.

A few additional details of interest:

kadmin.local:  getprinc afs/node30.emergen.biz
Principal: afs/node30.emergen.biz@EMERGEN.BIZ
Expiration date: [never]
Last password change: Mon Mar 13 21:25:52 GMT-5 2006
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Mar 13 21:25:52 GMT-5 2006 (faraz.khan/admin@EMERGEN.BIZ=
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 3, DES cbc mode with CRC-32, no salt
Policy: [none]
node30:# bos listkeys node30.emergen.biz -localauth
key 3 has cksum 683704053
Keys last changed on Mon Mar 13 21:27:21 2006.
All done.

node30:/usr/share/doc# bos listusers node30.emergen.biz -localauth
SUsers are: mustafa.hashmi/admin rehan.zafar

If someone could please point me in the correct direction, it would be
greatly appreciated.

Thank you and regards,
Mustafa A. Hashmi