[OpenAFS] host principal and keytab
Andrew Bacchi
bacchi@rpi.edu
Tue, 08 Jan 2008 15:00:47 -0500
It doesn't have permissions as rcmd.server, either.
sorry to confuse you, but the K5 host principal also has the .net in it,
my typo. Let's just say the principal matches the PTS entry.
Do I need to make a 524 conversion?
Jeffrey Altman wrote:
> I said what I said for a reason.
>
> rcmd.server.net != rcmd.server
>
> Andrew Bacchi wrote:
>> I'm still going around with this one. I can't seem to get the acl
>> right on the directory. I've tried setting the acl with each of the
>> following, but I cannot list files in that directory.
>>
>> rcmd.server.net rlidw
>> host/server.net rlidw
>> host/server.net.rpi.edu rlidw
>>
>> I do get K5 tickets with kinit -k, and AFS tokens with aklog in the
>> form host/server.rpi.edu@RPI.EDU
>>
>> the PTS entry is rcmd.server.net
>>
>> What am I doing wrong?
>>
>> Thanks
>>
>> Jeffrey Altman wrote:
>>> Andrew Bacchi wrote:
>>>> The PTS entry is the part I missed so far. To clarify, the K4
>>>> principal
>>>> should look like rcmd.server@REALM, not rcmd.server.rpi.edu@REALM,
>>>> correct?
>>>
>>> The PTS entry will be "rcmd.server", the Kerberos v4 principal will
>>> be "rcmd.server@REALM", and the Kerberos v5 principal is
>>> "host/server.domain@REALM"
>>>
>>
--
veritatis simplex oratio est
-Seneca
Andrew Bacchi
Systems Programmer
Information Technologies Infrastructure
Rensselaer Polytechnic Institute
phone: 518.276.6415 fax: 518.276.2809
http://www.rpi.edu/~bacchi/
--
veritatis simplex oratio est
-Seneca
Andrew Bacchi
Systems Programmer
Information Technologies Infrastructure
Rensselaer Polytechnic Institute
phone: 518.276.6415 fax: 518.276.2809
http://www.rpi.edu/~bacchi/