[OpenAFS] bad token
Sergey S. Kleymenov
sergeykleymenov@gmail.com
Mon, 20 Mar 2006 23:25:53 +0300
Hi!
I'm trying to set up my first OpenAFS server on Gentoo Linux with Heimdal
Kerberos (LDAP backend).
I have:
amd64
kernel 2.6.14-hardened-r3
openldap 2.2.28-r3
heimdal 0.7.2
openafs 1.4.0-r2
openafs-kernel 1.4.0
My /etc/krb5.conf:
[kdc]
    database = {
        dbname = ldap:ou=KerberosPrincipals,dc=my,dc=domain
        log_file = /var/heimdal/log
        acl_file = /var/heimdal/kadmind.acl
    }
    use_2b = {
        afs/MY.DOMAIN@MY.DOMAIN = yes
        afs@MY.DOMAIN = yes
        hermes/afs@MY.DOMAIN = yes
    }
    enable-kaserver = yes
    ports = 88
[kadmin]
    default_keys = des:afs3-salt v4
[libdefaults]
    ticket_lifetime = 600
    default_realm = MY.DOMAIN
    default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md4 des-cbc-md5
    default_etypes_des = des-cbc-crc des-cnc-md4 des-cbc-md5 des3-hmac-sha1
    dns_lookup_kdc = 1
[realms]
    MY.DOMAIN = {
        kdc = hermes.my.domain
        admin_server = hermes.my.domain
        kpasswd_server = hermes.my.domain
    }
[logging]
    kdc = SYSLOG
    admin_server = SYSLOG
    default = SYSLOG
[password_quality]
    check_lib64rary = /usr/lib/sample_passwd_check.so
    check_function = check_cracklib64
Following the OpenAFS Administration Guide and the Heimdal documentation, at
the step of setting the ACL of root.afs:
# fs setacl /afs system:anyuser rl
fs: You don't have the required access rigthts on '/afs'
# tokens.krb
Tokens held by Cache Manager:
User's (AFS ID 1) tokens for afs@my.domain [Expires Mar 21 23:29]
User hermes.afs's tokens for krbtgt.MY.DOMAIN@my.domain [Expires Mar 21 23:29]
--End of list--
Membership of hermes.afs in system:administrators and SUsers is set.
Thank you!