[OpenAFS] Re: Multiple Kerberos realm support
Andrew Deason
adeason@sinenomine.net
Thu, 10 May 2012 10:57:47 -0500
On Thu, 10 May 2012 10:02:10 -0400
Jeff White <jaw171@pitt.edu> wrote:
> Now I tried to add support for the realm UNIV.PITT.EDU (the real one
> running on Windows Server 2003 AD):
I thought it was Windows Server 2008 R2? Or was that just PITT.EDU?
> [root@afs-dev-03 ~]# asetkey add 4 /var/tmp/afskerbuser.keytab
> afs/pitt.edu@UNIV.PITT.EDU
How exactly did you generate this keytab?
> [jaw171@afs-dev-03 ~]$ aklog -d
'klist -e' after this? Though I expect that the ticket you've got is
fine.
> Here is hangs forever and I see this being spit out to the console of
> the machine as fast as it can:
> afs: Tokens for user of AFS id 354461 for cell pitt.edu: rxkad
> error=19270407
"The KeyFile data is wrong"
> So what's happening here? Sometimes as I'm trying to do this I have
> been able to get it to give a "Permission denied" on that touch rather
> than hanging even though I have a token that should give me access.
> The docs mention that the keys in the Keyfile need to be in acending
> order.
What page says this? It may just be describing the KeyFile format, in
that the keys are stored in ascending kvno order.
--
Andrew Deason
adeason@sinenomine.net