[OpenAFS] Re: Multiple Kerberos realm support
Thu, 10 May 2012 10:57:47 -0500
On Thu, 10 May 2012 10:02:10 -0400
Jeff White <firstname.lastname@example.org> wrote:
> Now I tried to add support for the realm UNIV.PITT.EDU (the real one
> running on Windows Server 2003 AD):
I thought it was Windows Server 2008 R2? Or was that just PITT.EDU?
> [root@afs-dev-03 ~]# asetkey add 4 /var/tmp/afskerbuser.keytab
How exactly did you generate this keytab?
> [jaw171@afs-dev-03 ~]$ aklog -d
'klist -e' after this? Though I expect that the ticket you've got is
> Here is hangs forever and I see this being spit out to the console of
> the machine as fast as it can:
> afs: Tokens for user of AFS id 354461 for cell pitt.edu: rxkad
"The KeyFile data is wrong"
> So what's happening here? Sometimes as I'm trying to do this I have
> been able to get it to give a "Permission denied" on that touch rather
> than hanging even though I have a token that should give me access.
> The docs mention that the keys in the Keyfile need to be in acending
What page says this? It may just be describing the KeyFile format, in
that the keys are stored in ascending kvno order.