[OpenAFS] Fileserver doesn't recognise host-principals
Douglas E. Engert
Wed, 03 Sep 2008 09:49:06 -0500
Frank Burkhardt wrote:
> I've got a strange problem here. Some of my AFS-client-machines must
> put some stuff into AFS on a regular basis. Since all of them have
> a host/...-Keytab, I wanted to use it as AFS-identity:
> admin@afs $ pts create host.somehost.cbs.mpg.de
> User host.somehost.cbs.mpg.de has id 2000000044
> root@somehost # kinit -k -t /etc/krb5.keytab
> root@somehost # klist -e
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: host/somehost.cbs.mpg.de@CBS.MPG.DE
> Valid starting Expires Service principal
> 08/26/08 16:22:11 08/27/08 18:22:11 krbtgt/CBS.MPG.DE@CBS.MPG.DE
> Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc mode with HMAC/sha1
> 08/26/08 16:22:49 08/27/08 18:22:11 afs@CBS.MPG.DE
> Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> root@somehost # aklog
> root@somehost # tokens
> Tokens held by the Cache Manager:
> User's (AFS ID 2000000044) tokens for firstname.lastname@example.org [Expires Aug 27 18:22]
> --End of list--
> However, when I try to create a file in AFS, I'm recognised as anonymous:
> root@somehost # cd /afs/cbs.mpg.de/tmp/leipzig;rm -f xxx
> root@somehost # touch xxx
> root@somehost # ls -la xxx
> -rw-r--r-- 1 anonymous root 0 Aug 26 16:25 xxx
ls -l uses the host's mapping of UID to names.
So was the file written with the anonymous UID?
ls -ln should show the UID.
What mappings are /etc/passwd, NIS or LDAP?
> There's nothing suspicious in the AFS-client's dmesg or in the fileserver's
> Does anyone have an idea, what might cause this problem? I use keytabs+AFS
> all the time. The problem just affects host-keytabs - on at least 3 of my
What systems? Do they may unknown UIDs to anonymous?
> Thank you for any hints.
> OpenAFS-info mailing list
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439