Fwd: [OpenAFS] "reauth" code?

Brandon Allbery allbery.b@gmail.com
Fri, 31 Aug 2012 15:56:39 -0400


On Fri, Aug 31, 2012 at 3:43 PM, Gary Gatling <gsgatlin@ncsu.edu> wrote:

> /usr/local/bin/k5start -U -f /afs/unity.ncsu.edu/users/g/gsgatlin/engrranger.ktb
> Kerberos initialization for engrranger@EOS.NCSU.EDU
> k5start: error getting credentials: Client 'engrranger@EOS.NCSU.EDU' not found in Kerberos database
>
> Does this error indicate the account is not there?
>
> I was able to test the password of engrranger via klog, eg:
>
> pagsh
> klog engrranger
> Password:
>

Um.  klog means you are using kaserver, which is krb4 only (and has
significant security issues; make it go away).  kinit and k5start are not
going to work, unless you have things configured such that keys can come
from a kaserver or a separate krb5 KDC (look for a krb.conf in the AFS
server config and multiple kvno-s listed by asetkey) in which case you need
to find out what it takes to get the principal added to the latter.

-- 
brandon s allbery                                      allbery.b@gmail.com
wandering unix systems administrator (available)     (412) 475-9364 vm/sms
