[OpenAFS] openafs installation
Sun, 28 Dec 2008 22:07:06 +0600
the key was created on KDC with: addprinc -policy service -randkey -e
as far as i understand it defines ony des for communication?
i did not modify a key - this is my first afs installation and i was
just folloing the howto.
how do I check if aklog is using the right keyfile?
I have also tried to get some help through IRC, but unfortunately, the
only person who tried to help me, didn't have much time.
this is a log http://www.ece.cmu.edu/~allbery/lambdabot/logs/openafs/2008-12-26.txt.
my nick is n-other in this talk.
is there anything useful can be found from this log to help me with
2008/12/27 Russ Allbery <email@example.com>:
> "Roman Hlynovskiy" <firstname.lastname@example.org> writes:
>> I am trying to implement openafs to a couple of servers according to
>> this guide: http://www.debian-administration.org/articles/610
>> goes fine
>> kinit root/admin; aklog
>> also ok
>> but afs-rootvol
>> fails on fs sa /afs system:anyuser rl
>> fs sa /afs system:anyuser rl
>> fs: You don't have the required access rights on '/afs'
>> Failed: 256
>> at the same time openafs module dumps the following line to dmesg:
>> afs: Tokens for user of AFS id 0 for cell forever.kz are discarded
>> (rxkad error=19270407)
> windlord:~> translate_et 19270407
> 19270407 (rxk).7 = security object was passed a bad ticket
> Chances are fairly high that this error message means that your AFS server
> disagrees with your Kerberos server about the afs/* key. In other words,
> what you have in the KeyFile for your AFS server doesn't match what's in
> the KDC, either in the key or in the kvno. Possible causes:
> * The key in the KDC is not restricted to only a DES enctype.
> * You've changed the KDC key (such as with a subsequent kadmin addkey
> command) since you imported the key into the AFS KeyFile with asetkey.
> * You specified the wrong kvno in the asetkey command.
> * You have both an afs key and an afs/<cell> key in Kerberos and aklog
> isn't using the one that you expect it to use.
> Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>
...WBR, Roman Hlynovskiy