[OpenAFS] pam errors login... win2003AD krb5 server

Lars Schimmer l.schimmer@cgv.tugraz.at
Sun, 10 Jun 2007 12:22:45 +0200

Jeffrey Altman wrote:
> Lars Schimmer wrote:
>> Ok, I set debug info of gdm to enable. Some more info, but not much.
>> I switched from MIT krb5 server to Win2003 AD server.
>> I can login to "debian etch" linux as root, kinit schimmer/aklog and g=
>> to my AFS space, all fine with the correct token.
>> While trying to login with gdm it prints out these errors:
> If you have host principals assigned and associated keys stored in the
> local linux machine's keytab file from the MIT realm, you are going to
> have to replace them with host principals and keys from the Microsoft A=

Sorry. Far too early on a Sunday without coffee.

I just deleted the krb5.keytab and it worked :-)

My working Win2003 key had a kvno of 3, just like the "old" MIT one,
damn it.
So I had to change the kvno of the MIT afs principal and ktadd/asetkey the new
kvno one.
Too bad, I always tried with the kadmin: "shell" and not with kadmin.local.
Because you NEED to issue something like:
kadmin.local -q "ktadd -e des-cbc-crc:afs3 afs"
to obtain a working token, the -e parameter is in the "shell" of kadmin
for a salt and not working.

Now I'm much happier and sorry for the "sometimes" stupid questions.

> Jeffrey Altman

Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723