On Tue, 2005-03-15 at 16:27 +0100, Lars Schimmer wrote: > Ok, these are my first steps with kerberos 5 and I'm willing to learn, but why > does OpenAFS not accept my valid tokens? I assumed with a valid token I can > access the OpenAFS tree... > Any hints?
Hi Lars- I've been running an integrated kerberos5/openafs system for about 1-2 years now, integrating the two with Ken Hornstein's migration kit, so I'm certainly no AFS guru but I might be able to help. Based on what you've written here, it's not clear to me exactly what the problem is, aside from: you run kinit, aklog, and try to access a directory on an AFS volume that you expect this user should have privileges on and fail. Is that about right? Have you run the tokens command to examine the tokens held by the Cache Manager? I'd say that would be a good thing to do if you haven't already. It's kind-of the AFS equivalent of klist (for examining your tickets) in kerberos. If I understood correctly, you are having some problems getting tokens with aklog. Perhaps your configuration is not quite right. Are you using the Quick Beginnings Guide as a general guide (can't follow exactly of course because it assumes you're using kaserv for auth instead of kerberos5). If so, then perhaps you could explain exactly where in that guide things go differently with your system than you would expect or than is indicated in the guide. If you'll supply some of that detail, then I might be able to help. Someone else here can perhaps understand your issue better and offer help directly, too. -- -Kevin http://www.gnosys.us _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info