[OpenAFS] (no subject)
Garrison, Eric C
ecgarris@indiana.edu
Wed, 8 Jul 2009 15:12:11 -0400
Jeffrey Altman wrote:
>
> Your Rx connection is unauthenticated. That means that
>
> (a) either you do not have an AFS token
>
> (b) the token contains a kvno that is not recognized by the AFS server
>
> (c) the token is bad in some other way
>
> On Windows using the MIT KFW klist command, what does "klist -e" show
> when you have an afs/afstest.iu.edu@ADS.IU.EDU service ticket in the cache?
I have done an "aklog -c afstest.iu.edu" giving the following output
for "tokens":
Tokens held by the Cache Manager:
User's (AFS ID 37302) tokens for afs@afstest.iu.edu [Expires Jul 9 00:53]
--End of list--
The kvno command comes back with the right kvno, as seen by ktutil for
the keytab, just as it was when I added it with astekey.
Here's what "klist -e" says:
Default principal: ecgarris@ADS.IU.EDU
Valid starting Expires Service principal
07/08/09 14:53:40 07/09/09 00:53:44 krbtgt/ADS.IU.EDU@ADS.IU.EDU
renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS
mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
07/08/09 14:53:56 07/09/09 00:53:44 afs/afstest.iu.edu@ADS.IU.EDU
renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS
mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
So what else should I look for in the token being bad in another way?
Thanks again,
Chris