[OpenAFS] Re: aklog carps Couldn't determine realm of user
Ted Creedon
tcreedon@easystreet.net
Thu, 22 Dec 2016 06:07:08 +0000
Heimdal set the ticket up..(I think)
So how does one login krbtgt?
PS making progress on the glibc/swig bug
Suse Leap uses glibc 2.22 the current is 2.24, offhand I suspect something=
like a missing .align 64
tedc
admin@CREEDON.BIZ's Password:
ookpik:/data1/openafs-1.8.0pre1 # klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: admin@CREEDON.BIZ
Issued Expires Principal
Dec 21 21:52:59 2016 >>>Expired<<< krbtgt/CREEDON.BIZ@CREEDON.BIZ
kadmin> get krbtgt*
Principal: krbtgt/CREEDON.BIZ@CREEDON.BIZ
Principal expires: never
Password expires: never
Last password change: 2016-12-17 01:03:08 UTC
Max ticket life: unlimited
Max renewable life: unlimited
Kvno: 1
Mkvno: unknown
Last successful login: never
Last failed login: never
Failed login count: 0
Last modified: 2016-12-17 01:03:08 UTC
Modifier: kadmin/admin@CREEDON.BIZ
Attributes:
Keytypes: aes256-cts-hmac-sha1-96(pw-salt)[1], des3-cbc-sha1(p=
w-salt)[1], arcfour-hmac-md5(pw-salt)[1]
PK-INIT ACL:
Aliases:
Principal: krbtgt/creedon.biz@CREEDON.BIZ
Principal expires: never
Password expires: never
Last password change: 2016-12-20 00:29:08 UTC
Max ticket life: unlimited
Max renewable life: unlimited
Kvno: 1
Mkvno: unknown
Last successful login: never
Last failed login: never
Failed login count: 0
Last modified: 2016-12-20 00:29:08 UTC
Modifier: kadmin/admin@CREEDON.BIZ
Attributes:
Keytypes: aes256-cts-hmac-sha1-96(pw-salt)[1], des3-cbc-sha1(p=
w-salt)[1], arcfour-hmac-md5(pw-salt)[1]
PK-INIT ACL:
Aliases:
________________________________________
From: Michael Meffie <mmeffie@sinenomine.net>
Sent: Wednesday, December 21, 2016 6:15:58 AM
To: Ted Creedon
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user
On Wed, 21 Dec 2016 02:21:13 +0000
Ted Creedon <tcreedon@easystreet.net> wrote:
> if
> KRB5CCNAME=3D"FILE:/tmp/krb5cc_0"
> is set
>
> one gets:
>
> aklog -d
> Authenticating to cell creedon.biz (server ookpik.creedon.biz).
> Trying to authenticate to user's realm CREEDON.BIZ.
> Getting tickets: afs/creedon.biz@CREEDON.BIZ
> Kerberos error code returned by get_cred : -1765328352
> aklog: Couldn't get creedon.biz AFS tickets:
> aklog: Ticket expired while getting AFS tickets
Thanks for testing 1.8.0pre1 Ted. That error code indicates
the ticket has expired,
krb5 error -1765328352 =3D KRB5KRB_AP_ERR_TKT_EXPIRED
What does klist show?
Thanks,
Mike