[OpenAFS] Re: Fresh install with AES key only. Can't authenticate.

Daniel Galambos dancsa@dancsa.hu
Fri, 08 Aug 2014 22:58:55 +0200


Thanks a lot, this solved the problem.

2014.08.08. 21:47 keltez=E9ssel, Andrew Deason =EDrta:
> On Fri, 08 Aug 2014 21:21:15 +0200
> GALAMBOS Daniel <dancsa@dancsa.hu> wrote:
>
>> root@afstest:~# ktutil -k /etc/openafs/server/rxkad.keytab list
>> /etc/openafs/server/rxkad.keytab:
>>
>> Vno  Type                     Principal                    Aliases
>>    1  aes256-cts-hmac-sha1-96  afs/afstest.elte.hu@ELTE.HU
>
> At first glance, this is maybe because your cell name (afstest.elte.hu)
> does not match your realm name (elte.hu). So various tools are
> recognizing you as the foreign user 'dancsa@elte.hu', not the local use=
r
> 'dancsa'. You don't get an error for that because it's not necessarily
> _wrong_; those are just two different users. aklog should detect this,
> but maybe some logic in there is not behaving correctly.
>
> Try putting the realm name ELTE.HU in this file:
> <http://docs.openafs.org/Reference/5/krb.conf.html>, which will force
> @ELTE.HU principal names to be recognized as 'local' users. On Debian
> it's in /etc/openafs or /etc/openafs/server somewhere (check the
> manpage). Restart the server processes after you do that, and if
> everything works after that, that's what it was.
>