[OpenAFS] Can't get tokens since upgrading to 1.7.6 and Heimdal
Wed, 22 Feb 2012 10:30:40 -0500
The problem isn't "it's not finding afs/sub.my.org@SUB.MY.ORG"
The problem is: "it's not looking for afs@SUB.MY.ORG"
It should do that.
OpenAFS Quick Start Guide:
Begin by creating the following two entries in your site's Kerberos
The entry for AFS server processes, called either afs or afs/cell.
On 2/22/2012 10:15 AM, David Goldberg wrote:
> It should have it. The exact same krb.conf file except for the
> allow_weak_crypto line worked fine before when I was using MIT kerberos.
> I will check with the admin, though.
> Dave Goldberg
> Ken Dreyer <firstname.lastname@example.org> wrote:
> On Wed, Feb 22, 2012 at 6:44 AM, David Goldberg
> <email@example.com> wrote:
> > $ aklog -d
> > Authenticating to cell sub.my.org.
> > Getting v5 tickets: afs/sub.my.org@SUB.MY.ORG
> > Getting v5 tickets: afs/sub.my.org@MY.ORG
> > Getting v5 tickets: afs@MY.ORG
> > Kerberos error code returned by get_cred: -1765328377
> > aklog.exe: Couldn't get sub.my.org AFS tickets: UNKNOWN_SERVER
> Looks like aklog is asking for the Kerberos service principal
> "afs/sub.my.org@SUB.MY.ORG" (and variations), but the KDC is saying
> that it doesn't know that principal. Are you sure it is present in
> your KDC's database? Is DES enabled on this principal and on the KDC?
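
The diagnosis in this thread can be checked mechanically. The following is an added example, not code from the thread or from OpenAFS: it parses `aklog -d` output, lists the `afs` principal names that were never requested, and decodes the numeric error against the krb5 error table base. The helper name `analyze_aklog_debug` is hypothetical, and the candidate set (both names from the Quick Start Guide, in every realm seen in the output) is an assumption.

```python
import re

# The krb5 com_err table starts at this value; KDC protocol error N is
# surfaced to callers as KRB5_BASE + N.
KRB5_BASE = -1765328384
KDC_ERRORS = {6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN"}

# Constructed sample: the aklog -d output quoted in this thread.
SAMPLE = """\
Authenticating to cell sub.my.org.
Getting v5 tickets: afs/sub.my.org@SUB.MY.ORG
Getting v5 tickets: afs/sub.my.org@MY.ORG
Getting v5 tickets: afs@MY.ORG
Kerberos error code returned by get_cred: -1765328377
aklog.exe: Couldn't get sub.my.org AFS tickets: UNKNOWN_SERVER
"""


def analyze_aklog_debug(output):
    """Hypothetical helper: summarize which afs principals aklog requested."""
    cell, tried, code = None, [], None
    for line in output.splitlines():
        if m := re.match(r"Authenticating to cell (\S+)", line):
            cell = m.group(1).rstrip(".")
        elif m := re.match(r"Getting v5 tickets: (\S+)", line):
            tried.append(m.group(1))
        elif m := re.search(r"returned by get_cred: (-?\d+)", line):
            code = int(m.group(1))
    # Realms in the order aklog tried them, without duplicates.
    realms = list(dict.fromkeys(p.rpartition("@")[2] for p in tried))
    # Assumption: both Quick Start Guide names are acceptable in every realm.
    expected = [p for r in realms for p in (f"afs/{cell}@{r}", f"afs@{r}")]
    return {
        "cell": cell,
        "tried": tried,
        "not_tried": [p for p in expected if p not in tried],
        "error": KDC_ERRORS.get(code - KRB5_BASE) if code is not None else None,
    }


if __name__ == "__main__":
    for key, value in analyze_aklog_debug(SAMPLE).items():
        print(f"{key}: {value}")
```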