[OpenAFS] Quick Start Kerberos problem: can acquire tokens, but they don't work

Phillip Moore w.phillip.moore@gmail.com
Fri, 1 Oct 2010 08:37:44 -0400


--0016e68ce6f2126afc04918d769f
Content-Type: text/plain; charset=ISO-8859-1

That makes a lot of sense to me.  The guide is already VERY complicated, and
adding unnecessary options, and yet another decision the user has to
research doesn't make anything easier.

Derrick also pointed out that openafs-krb5 includes aklog as well, which you
need later in the process, so in the interest of minimum necessary
complexity, I'll leave the discussion of ktutil out of the guide for now.

On Fri, Oct 1, 2010 at 1:19 AM, Brandon S Allbery KF8NH <allbery@ece.cmu.edu
> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 9/30/10 17:58 , Phillip Moore wrote:
> > If that's the case, then do Heimdal users need to bother with the
> > openafs-krb5 rpm at all?
>
> If this is going into a quick start guide, I would be tempted to say that
> because asetkey will work with Heimdal it should be preferred instead of
> splitting into Heimdal- and MIT-specific parts.
>
> (Also, the fact that "ktutil list" on an AFSKEYFILE will manufacture realm
> /
> cell information that isn't actually there could actually complicate
> debugging these kinds of issues.  asetkey at least doesn't pretend they're
> there.)
>
> - --
> brandon s. allbery     [linux,solaris,freebsd,perl]      allbery@kf8nh.com
> system administrator  [openafs,heimdal,too many hats]  allbery@ece.cmu.edu
> electrical and computer engineering, carnegie mellon university      KF8NH
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.10 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkylb2YACgkQIn7hlCsL25UZqACfTuS8Xutm5FkqjC9+2bE6n8Rm
> PU8AoNNF4L7VdCNpE7zzHQI5VqND/SpU
> =8oEs
> -----END PGP SIGNATURE-----
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>

--0016e68ce6f2126afc04918d769f
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div><br></div>That makes a lot of sense to me. =A0The guide is already VER=
Y complicated, and adding unnecessary options, and yet another decision the=
 user has to research doesn&#39;t make anything easier.<div><br></div><div>
Derrick also pointed out that openafs-krb5 includes aklog as well, which yo=
u need later in the process, so in the interest of minimum necessary comple=
xity, I&#39;ll leave the discussion of ktutil out of the guide for now.</di=
v>
<div><br></div><div><div class=3D"gmail_quote">On Fri, Oct 1, 2010 at 1:19 =
AM, Brandon S Allbery KF8NH <span dir=3D"ltr">&lt;<a href=3D"mailto:allbery=
@ece.cmu.edu">allbery@ece.cmu.edu</a>&gt;</span> wrote:<br><blockquote clas=
s=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pad=
ding-left:1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<div class=3D"im"><br>
On 9/30/10 17:58 , Phillip Moore wrote:<br>
&gt; If that&#39;s the case, then do Heimdal users need to bother with the<=
br>
&gt; openafs-krb5 rpm at all?<br>
<br>
</div>If this is going into a quick start guide, I would be tempted to say =
that<br>
because asetkey will work with Heimdal it should be preferred instead of<br=
>
splitting into Heimdal- and MIT-specific parts.<br>
<br>
(Also, the fact that &quot;ktutil list&quot; on an AFSKEYFILE will manufact=
ure realm /<br>
cell information that isn&#39;t actually there could actually complicate<br=
>
debugging these kinds of issues. =A0asetkey at least doesn&#39;t pretend th=
ey&#39;re<br>
there.)<br>
<br>
- --<br>
brandon s. allbery =A0 =A0 [linux,solaris,freebsd,perl] =A0 =A0 =A0<a href=
=3D"mailto:allbery@kf8nh.com">allbery@kf8nh.com</a><br>
system administrator =A0[openafs,heimdal,too many hats] =A0<a href=3D"mailt=
o:allbery@ece.cmu.edu">allbery@ece.cmu.edu</a><br>
electrical and computer engineering, carnegie mellon university =A0 =A0 =A0=
KF8NH<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.10 (Darwin)<br>
Comment: Using GnuPG with Mozilla - <a href=3D"http://enigmail.mozdev.org/"=
 target=3D"_blank">http://enigmail.mozdev.org/</a><br>
<br>
iEYEARECAAYFAkylb2YACgkQIn7hlCsL25UZqACfTuS8Xutm5FkqjC9+2bE6n8Rm<br>
PU8AoNNF4L7VdCNpE7zzHQI5VqND/SpU<br>
=3D8oEs<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
OpenAFS-info mailing list<br>
<a href=3D"mailto:OpenAFS-info@openafs.org">OpenAFS-info@openafs.org</a><br=
>
<a href=3D"https://lists.openafs.org/mailman/listinfo/openafs-info" target=
=3D"_blank">https://lists.openafs.org/mailman/listinfo/openafs-info</a><br>
</blockquote></div><br></div>

--0016e68ce6f2126afc04918d769f--