[OpenAFS] Can't get tokens since upgrading to 1.7.6 and Heimdal

Ken Dreyer ktdreyer@ktdreyer.com
Wed, 22 Feb 2012 06:59:45 -0700


On Wed, Feb 22, 2012 at 6:44 AM, David Goldberg
<david.goldberg6@verizon.net> wrote:
> $ aklog -d
> Authenticating to cell sub.my.org.
> Getting v5 tickets: afs/sub.my.org@SUB.MY.ORG
> Getting v5 tickets: afs/sub.my.org@MY.ORG
> Getting v5 tickets: afs@MY.ORG
> Kerberos error code returned by get_cred: -1765328377
> aklog.exe: Couldn't get sub.my.org AFS tickets: UNKNOWN_SERVER

Looks like aklog is asking for the Kerberos service principal
"afs/sub.my.org@SUB.MY.ORG" (and variations), but the KDC is saying
that it doesn't know that principal. Are you sure it is present in
your KDC's database? Is DES enabled on this principal and on the KDC?

- Ken