[OpenAFS] OpenAFS krb5 auth problems

Jeffrey Altman jaltman@secure-endpoints.com
Mon, 21 Feb 2011 10:57:47 -0500

On 2/21/2011 1:07 AM, Carson Gaspar wrote:
> ARRGH! Of course all the krb5.conf bits were correct, but I forgot all
> about krb.conf. Many thanks for preventing me from removing more of my
> hair.
> Other than "duh, you should have known that", is there anything I could
> have done to enable debugging sufficient to tell me why it was failing?
> (And I look forward to the day all the legacy K4 crud can go away...)

This has very little to do with Kerberos v4 vs Kerberos v5.

Unfortunately there are very few debugging mechanisms for this failure
case.  The Kerberos v5 principal is valid but there is no matching entry
in the protection database.  I want to add a "WhoAmI" RPC that will
permit the client to ask a server what identity it thinks the user is.
That would be one method of validating the configuration.  Otherwise,
you need to turn the audit logging on.

Jeffrey Altman

