[OpenAFS] Re: [OpenAFS] User got token, but aklog doesnŽt show it?

[Lars Schimmer]

jaltman@secure-endpoints.com wrote: 
> Lars Schimmer wrote:
> > Hi!
> > 
> > I setup grml 1.0 to a desktop system.
> > It uses a 2.6.20 kernel and OpenAFS 1.4.4.dfsg1-3.
> > Kernel Module is 1.4.4.dfsg1-2.
> > 
> > I set the system up and while kinit/aklog or logging in I obtain a
> > ticket and a token.
> > Klist shows the ticket and tokens shows NOTHING.
> > But I can access the AFS filespace as if I got a valid token for the user.
> > 
> > aklog tells me this error:
> > aklog
> > aklog: Badly formed name (group prefix doesn't match owner?) so unable
> > to create remote PTS user admin@cgv.tugraz.at in cell cgv.tugraz.at
> > (status: 267272).
> 
> If aklog is attempting to perform a remote PTS user registration, then
> the client does not think the local cell is "cgv.tugraz.at".

The "ThisCell" file is set and it is the correct cellname.

Here the shell output as root:

kinit admin
Password for admin@CGV.TUGRAZ.AT:
root@rtype /etc/openafs # aklog -d
Authenticating to cell cgv.tugraz.at (server phobos.cgv.tugraz.at).
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/cgv.tugraz.at@
Using Kerberos V5 ticket natively
About to resolve name admin@CGV.TUGRAZ.AT to id in cell cgv.tugraz.at.
Id 32766
doing first-time registration of admin@cgv.tugraz.at at cgv.tugraz.at
aklog: Badly formed name (group prefix doesn't match owner?) so unable to 
create remote PTS user admin@cgv.tugraz.at in cell cgv.tugraz.at (status: 
267272).
Set username to admin@cgv.tugraz.at
Setting tokens. admin@cgv.tugraz.at /  @ CGV.TUGRAZ.AT
root@rtype /etc/openafs # tokens

Tokens held by the Cache Manager:

Tokens for afs@cgv.tugraz.at [Expires Jun 26 20:20]
   --End of list--
root@rtype /etc/openafs #                    

But I obtained a token and can browse AFS filespace.

> Jeffrey Altman
> Secure Endpoints Inc.
> 
> 
>