[OpenAFS] rxkad error=19270408

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 22 Apr 2009 07:34:43 -0400


Ted Creedon wrote:
> Gets a krb5 ticket but now reports "Credentials could not be obtained
> for cell creedon.biz"

What does "aklog -d creedon.biz" report?

> The krb5kdc log shows a ticket issued: XP Client no longer loops.

Of course not.  You have no token.

> OAFS for XP 1.5.5700, Keys on geronimo (oafs server) are OK:

Current is 1.5.59.

> The problem seems to be between machines, the client works fine on
> geronimo, ookpik thinks it has credentials but loops requiring a hard
> reset and writes kernel messages rxkad error when a "ls /afs" is done.
> 
> Here's some output from the server indicating all is well:
> 
> geronimo:/usr/afs/etc # bos listkeys geronimo
> key 12 has cksum 1719615452
> Keys last changed on Tue Apr 21 16:05:32 2009.
> All done.
> geronimo:/usr/afs/etc # ls /afs
> .creedon.biz  creedon.biz
> geronimo:/usr/afs/etc # asetkey list
> kvno   12: key is: f8978331920eabda

And once again you have published your key.  The actual key that
I can put into a keytab, use to generate my own tokens, and
delete all of the content in your cell.

You can now go and change the key again and delete this one
from your cell.

> All done.
> geronimo:/usr/afs/etc # klist -k /etc/keytab -t -K|g afs
> klist: No such file or directory while starting keytab scan
> geronimo:/usr/afs/etc # klist -k /etc/krb5.keytab -t -K|g afs
>   12 04/21/09 15:59:35 afs/creedon.biz@CREEDON.BIZ (0xf8978331920eabda)
> geronimo:/usr/afs/etc #    

How about this?  Every time you publish your key to the mailing
list and we point it out to you, you put $100,000 into the OpenAFS
Fund.

Jeffrey Altman
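
The key disclosure pointed out in this message comes from pasting raw "asetkey list" and "klist -k -K" output. The filter below is an added example, not part of the original message or of OpenAFS; it masks the key bytes in those two output formats before the text is posted. The function names and the sample data (including the made-up key bytes and the example.org cell) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scrub AFS/Kerberos key bytes from command output before it
# is pasted into a mail or ticket. Covers the two formats seen in this
# thread: "asetkey list" ("key is: <hex>") and "klist -k -K" ("(0x<hex>)").

# redact_keys: filter stdin to stdout. The kvno, timestamp and principal are
# kept so the output is still useful for debugging; only key bytes are masked.
# 16 hex digits is a single-DES key; longer enctypes are matched as well.
redact_keys() {
    sed -E \
        -e 's/(key is: *)[0-9A-Fa-f]{16,}/\1[REDACTED]/' \
        -e 's/\(0x[0-9A-Fa-f]{16,}\)/(0x[REDACTED])/g'
}

# has_key_material: returns 0 if stdin still contains something that looks
# like key bytes in either format. Use it as a last check before sending.
has_key_material() {
    grep -Eq 'key is: *[0-9A-Fa-f]{16,}|\(0x[0-9A-Fa-f]{16,}\)'
}

# Constructed sample output; the key bytes are made up, not from the thread.
sample_output() {
    cat <<'EOF'
kvno   12: key is: 0123456789abcdef
All done.
  12 04/21/09 15:59:35 afs/example.org@EXAMPLE.ORG (0x0123456789abcdef)
EOF
}

# Typical use on a server:
#   asetkey list | redact_keys
#   klist -k /etc/krb5.keytab -t -K | redact_keys
```

Lines without key bytes pass through unchanged.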