[OpenAFS] Re: afs-newcell fail: Couldn't get CPS for AnyUser

Davor Ocelic docelic@spinlocksolutions.com
Mon, 11 May 2009 01:56:52 +0200


On Sat, 2 May 2009 04:54:04 -0700
Xiong Jiang <linuster@gmail.com> wrote:

> Problem solved by using the key for afs/cell.name@REALM.NAME, instead
> of afs@REALM.NAME. I don't know why I cannot use the latter.
> 
> So the section about the Kerberos principal and key in the guide at
> http://www.debian-administration.org/article/OpenAFS_installation_on_Debian
> should be:
> 
> sudo rm -f /tmp/afs.keytab
> sudo kadmin.local
> Authenticating as principal root/admin@SPINLOCK.HR with password.
> 
> kadmin.local:  addprinc -policy service -randkey -e des-cbc-crc:v4 afs/spinlock.hr
> Principal "afs/spinlock.hr@SPINLOCK.HR" created.
> 
> kadmin.local:  ktadd -k /tmp/afs.keytab -e des-cbc-crc:v4 afs/spinlock.hr
> Entry for principal afs with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/tmp/afs.keytab.
> 
> kadmin.local:  quit

This usually works; it may be non-working due to some quirk in your
setup.

I'll see if I'll update the guide, because I'm not sure that "masking"
the possible misconfiguration that you have somewhere in this way
is good or bad.

If you find out the specific problem in your setup that prevented this
from working with the as-is instructions from the d-a guide, let us know.

Cya,
-doc