[OpenAFS] Re: A problem with authentication

Love Hörnquist Åstrand lha@kth.se
Mon, 19 Mar 2007 03:28:45 +1000


>      Server not found in database: afs/cellname@REALMNAME: No such  
> entry in the database

Just ignore this error, its kinit/pam modules trying to do afslog and  
tries diffrent names
for the service. You might have a afs@REALMNAME if cellname and  
realmname
only differ in case-ing.

> and at the same time in heimdal-kdc log I find:
>
>      AS-REQ username@REALMNAME from IPv4:ipaddress for krbtgt/ 
> REALMNAME@REALMNAME
>      Using des-cbc-crc/des-cbc-crc
>      Requested flags: renewable_ok, proxiable, forwardable
>      sending 493 bytes to IPv4:ipaddress
>      AS-REQ username@REALMNAME from IPv4:ipaddress for krbtgt/ 
> REALMNAME@REALMNAME
>      Using des-cbc-crc/des-cbc-crc
>      Requested flags: renewable_ok, proxiable, forwardable
>      sending 493 bytes to IPv4:ipaddress
>
> To me this looks as though the login ought to have succeeded.
> Any clarification welcome.

You should check for a TGS req just below it for host/hostname@REALM
that the hosts uses to verify the login.

Love