-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Sergio Gelato schrieb: | Unfortunately, that doesn't mean you got the same token in both cases. | | What service principal are you using for your AFS cell? Is it | afs/[EMAIL PROTECTED] or simply [EMAIL PROTECTED] ? If both principals are known to the | KDC, you may be running into consistency problems.
I use the debian packages and there is README.gz along with, that I followed. I setup the principal [EMAIL PROTECTED] in first place. asetkey list gave a kvno of 0 for the afs key, so i used: % kadmin.local -q "modprinc -kvno 0 [EMAIL PROTECTED]" than ~ kadmin: ktadd -k /etc/krb5.keytab [EMAIL PROTECTED] after that asetkey add 1 /etc/krb5.keytab afs and than I removed the afs principal: ~ kadmin: ktremove -k /etc/krb5.keytab [EMAIL PROTECTED] all
After that I manually copy the afs-KEyfile to all fileservers.
| While you're at it, show us the kvno and enctype for the key in the AFS | keyfile on the servers; then the output of "klist -v" after a kinit+aklog | sequence. It would also be helpful if you could run aklog with the -d | option and include the debugging output produced.
Ok, lets go: aklog -d Authenticating to cell cg.cs.tu-bs.de (server afsmaster.cg.cs.tu-bs.de). We've deduced that we need to authenticate to realm CG.CS.TU-BS.DE. Getting tickets: afs/[EMAIL PROTECTED] About to resolve name schimmer to id in cell cg.cs.tu-bs.de. Id 5584 Set username to AFS ID 5584 Setting tokens. AFS ID 5584 / @ CG.CS.TU-BS.DE
~ asetkey list kvno 0: key is: YYYYYf855XXXXXXX kvno 1: key is: YYYYY80e2XXXXXXX
Enctype, hu, haven´t made anything special.
~ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal 03/16/05 10:19:17 03/16/05 20:19:15 krbtgt/[EMAIL PROTECTED] 03/16/05 10:19:20 03/16/05 20:19:15 [EMAIL PROTECTED]
Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached
Thats all I can provide right now... Thx for your help
Cya Lars - -- - ----------------------------------------------------------------- Technische Universität Braunschweig, Institut für Computergraphik Tel.: +49 531 391-2109 E-Mail: [EMAIL PROTECTED] PGP-Key-ID: 0xB87A0E03 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32)
iD8DBQFCN/23VguzrLh6DgMRAnY7AJ0S2bi6k8Q5tlzL49K9OBHblONFRACeKO8X oEN9naoTjmgVlyLtS407CoA= =WGnD -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
