[OpenAFS] Re: Odd token/fileserver permission denied problem
Fri, 31 Jul 2009 08:45:18 -0400 (EDT)
On Thu, the 9th of Av, 5769 (07/30/2009) Andrew Deason wrote:
> On Thu, 30 Jul 2009 13:51:06 -0400 (EDT)
> Gedaliah Wolosh <email@example.com> wrote:
>> On Thu, the 9th of Av, 5769 (07/30/2009) Jeffrey Altman wrote:
>>> Gedaliah Wolosh wrote:
>>>> Currently our cell is authenticating to both the KA server and
>>>> Krb5. The AFS Keyfile contains principals for both afs and
>>>> afs/cellname. The KeyFile is distributed via upclient. This has
>>>> been working for several months without issue.
>>>> A new file server was put in place. If aklog is used to get a
>>>> token, the token does not give the user permission in any volume
>>>> served by this new file server. A token obtained by klog is fine.
>>> The kaserver token will be issued from a realm with the same name
>>> as the cell. What is the name of the Kerberos v5 realm and if it
>>> is not the same, does it exist in the afs krb.conf file?
>> The Kerberos v5 realm is different from the name of the cell, however
>> the realm name IS in the afs krb.conf file.
> Just to be sure; what is the full path to the krb.conf you're talking
> When you aklog, does 'tokens' still show that you have tokens after you
> try something where you are denied permission?
> Have you tried restarting the fileserver processes after you've verified
> that /usr/afs/etc is the same as the others?
University Computing Systems - IST
New Jersey Institute of Technology
> Andrew Deason
> OpenAFS-info mailing list