[OpenAFS] Fileserver doesn't recognise host-principals

Frank Burkhardt fbo2@gmx.net
Tue, 2 Sep 2008 22:13:14 +0200


Hi,

I've got a strange problem here. Some of my AFS-client-machines must
put some stuff into AFS on a regular basis. Since all of them have
a host/...-Keytab, I wanted to use it as AFS-identity:

 admin@afs $ pts create host.somehost.cbs.mpg.de
 User host.somehost.cbs.mpg.de has id 2000000044

 root@somehost # kinit -k -t /etc/krb5.keytab
 root@somehost # klist -e
 Ticket cache: FILE:/tmp/krb5cc_0
 Default principal: host/somehost.cbs.mpg.de@CBS.MPG.DE

 Valid starting     Expires            Service principal
 08/26/08 16:22:11  08/27/08 18:22:11  krbtgt/CBS.MPG.DE@CBS.MPG.DE
        Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc mode with HMAC/sha1
 08/26/08 16:22:49  08/27/08 18:22:11  afs@CBS.MPG.DE
         Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32


 Kerberos 4 ticket cache: /tmp/tkt0
 klist: You have no tickets cached
 root@somehost # aklog
 root@somehost # tokens

 Tokens held by the Cache Manager:

 User's (AFS ID 2000000044) tokens for afs@cbs.mpg.de [Expires Aug 27 18:22]
    --End of list--

However, when I try to create a file in AFS, I'm recognised as anonymous:

 root@somehost # cd /afs/cbs.mpg.de/tmp/leipzig;rm -f xxx
 root@somehost # touch xxx
 root@somehost # ls -la xxx
 -rw-r--r-- 1 anonymous root 0 Aug 26 16:25 xxx

There's nothing suspicious in the AFS-client's dmesg or in the fileserver's
FileLog.

Does anyone have an idea what might cause this problem? I use keytabs+AFS
all the time. The problem just affects host-keytabs - on at least 3 of my
machines.

Thank you for any hints.

Regards,

Frank