[OpenAFS] Re: New Keyfile and strange behaviour on clients
Aldo Necci
necci@dia.uniroma3.it
Fri, 11 May 2012 18:08:05 +0200
On Fri, May 11, 2012 16:03, Andrew Deason wrote:
> On Fri, 11 May 2012 09:37:58 -0400
> Jeff Blaine <jblaine@kickflop.net> wrote:
>
>> > - "tokens" gives this output:
>> >
>> > Tokens held by the Cache Manager:
>> >
>> > Tokens for afs@dia.uniroma3.it [Expires May 10 22:50]
>> > --End of list--
>>
>> Shows no tokens.
>
> No, it shows tokens for the 'dia.uniroma3.it' cell, but the vice id for
> the tokens is unknown.
>
> Aldo, are you able to access anything in /afs with these tokens? What
> platform are the clients? (RHEL, Solaris, etc) Does 'login' mean via
> ssh, or through graphical login, or ... ? How did you have them
> configured to obtain tokens on login? If you used PAM, what is your PAM
> config?
>
Hi Andrew,
I can use/edit any file in my home dir and I can visit other areas
in /afs/dia.uniroma3.it/.... with that "generic" AFS token.
The clients are SL 6.2 (Scientific Linux is similar to RHEL) and before
I ran the asetkey command everything was OK; I mean I got the
right AFS token and also the AFS Kerberos ticket after the login.
Now when I log in via SSH I have:
$ klist
Ticket cache: FILE:/tmp/krb5cc_10001_IEnkaN5313
Default principal: necci@DIA.UNIROMA3.IT
Valid starting Expires Service principal
05/11/12 17:53:28 05/12/12 03:53:28 krbtgt/DIA.UNIROMA3.IT@DIA.UNIROMA3.IT
renew until 05/12/12 17:53:28
$ tokens
Tokens held by the Cache Manager:
Tokens for afs@dia.uniroma3.it [Expires May 12 03:53]
--End of list--
After "aklog" I have this new situation:
$ klist
Ticket cache: FILE:/tmp/krb5cc_10001_IEnkaN5313
Default principal: necci@DIA.UNIROMA3.IT
Valid starting Expires Service principal
05/11/12 17:53:28 05/12/12 03:53:28 krbtgt/DIA.UNIROMA3.IT@DIA.UNIROMA3.IT
renew until 05/12/12 17:53:28
05/11/12 18:01:41 05/12/12 03:53:28 afs/dia.uniroma3.it@DIA.UNIROMA3.IT
renew until 05/12/12 17:53:28
$ tokens
Tokens held by the Cache Manager:
User's (AFS ID 10001) tokens for afs@dia.uniroma3.it [Expires May 12 03:53]
--End of list--
I got this situation on any clients before I did "asetkey". The clients
and server configuration are the same before and after I did "asetkey".
Thanks,
Aldo Necci