[OpenAFS] aklog not detecting kerberos realm

Andrew Cobaugh phalenor@gmail.com
Sun, 30 Dec 2007 22:55:26 -0500


Thanks for the quick reply.

On Dec 30, 2007 7:55 PM, Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> If your domain_realm mappings were specified in krb5.conf then Kerberos
> referrals would not be used for authentication.

That's the thing, my domain_realm mappings are set up right. In fact,
I'm using a krb5.conf that's identical to the one that works on
another machine.

> aklog is working.  You are getting tokens.  aklog simply does not know
> that the user is local to the cell and cannot create a foreign realm
> entry for it.

I ran aklog through truss. It's definitely reading in the correct
krb5.conf (I have MIT Kerberos built with sysconfdir=/etc/kerberos, so
I have a copy at /etc/krb5.conf and /etc/kerberos/krb5.conf just to be
safe).

Here is aklog -d sent through truss:

http://www.phalengard.com:8000/~phalenor/aklog-debug

This really doesn't make sense. It almost seems like it's ignoring the
domain_realm section. I'm stumped at this point.


--
Andy Cobaugh
phalenor@gmail.com