[OpenAFS] Re: Fresh install with AES key only. Can't authenticate.

Andrew Deason adeason@sinenomine.net
Fri, 8 Aug 2014 14:47:50 -0500


On Fri, 08 Aug 2014 21:21:15 +0200
GALAMBOS Daniel <dancsa@dancsa.hu> wrote:

> root@afstest:~# ktutil -k /etc/openafs/server/rxkad.keytab list
> /etc/openafs/server/rxkad.keytab:
> 
> Vno  Type                     Principal                    Aliases
>   1  aes256-cts-hmac-sha1-96  afs/afstest.elte.hu@ELTE.HU 

At first glance, this is maybe because your cell name (afstest.elte.hu)
does not match your realm name (elte.hu). So various tools are
recognizing you as the foreign user 'dancsa@elte.hu', not the local user
'dancsa'. You don't get an error for that because it's not necessarily
_wrong_; those are just two different users. aklog should detect this,
but maybe some logic in there is not behaving correctly.

Try putting the realm name ELTE.HU in this file:
<http://docs.openafs.org/Reference/5/krb.conf.html>, which will force
@ELTE.HU principal names to be recognized as 'local' users. On Debian
it's in /etc/openafs or /etc/openafs/server somewhere (check the
manpage). Restart the server processes after you do that, and if
everything works after that, that's what it was.

-- 
Andrew Deason
adeason@sinenomine.net
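
The local-versus-foreign decision described in the message above, as an added example that is not part of the original post and is not OpenAFS code. It is a simplified model: the function names are hypothetical, and it assumes that the default local realm is the upper-cased cell name and that krb.conf holds whitespace-separated realm names.

```python
# Simplified model (assumption, not OpenAFS source) of how a Kerberos
# principal ends up as a local AFS user or as a foreign user.

def local_realms(cell, krb_conf_text=None):
    """Return the set of realms treated as local for this cell.

    Assumption: realms listed in krb.conf replace the default, and the
    default is the cell name in upper case.
    """
    if krb_conf_text is not None:
        realms = krb_conf_text.split()
        if realms:
            return set(realms)
    return {cell.upper()}


def afs_user(principal, cell, krb_conf_text=None):
    """Map 'name@REALM' to the AFS user name the servers would look up."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError("expected a principal of the form name@REALM")
    if realm in local_realms(cell, krb_conf_text):
        return name                      # local user, e.g. 'dancsa'
    return f"{name}@{realm.lower()}"     # foreign user, e.g. 'dancsa@elte.hu'


if __name__ == "__main__":
    cell = "afstest.elte.hu"             # cell name from the thread
    principal = "dancsa@ELTE.HU"         # user principal in realm ELTE.HU

    # No krb.conf: the realm does not match AFSTEST.ELTE.HU, so the same
    # person is seen as a different (foreign) user and no error is raised.
    print("without krb.conf:", afs_user(principal, cell))

    # krb.conf containing ELTE.HU (constructed file content).
    print("with krb.conf:   ", afs_user(principal, cell, "ELTE.HU\n"))
```
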