hi, I am starting a fresh cell on a test box & having trouble with correct creation of KeyFile. for some reason my notes done 3 years ago are not sufficient, & some advice is needed!
Presumably this is due either to:
  wrong enctype(s)
  incorrect extraction method

does anybody see where I'm going horribly wrong?

thanks,
Dave

# create afs KeyFile from heimdal & put in the right place
# see below for krb5.conf

[EMAIL PROTECTED]:/home/dave $ mkdir -m 700 p /etc/openafs/server
[EMAIL PROTECTED]:/home/dave $ kadmin -p admin/krb
kadmin> add --random-key --use-defaults afs
kadmin> del_enctype afs des3-cbc-sha1
kadmin> get [EMAIL PROTECTED]
Principal: [EMAIL PROTECTED]
Principal expires: never
Password expires: never
Last password change: never
Max ticket life: 1 day
Max renewable life: 1 week
Kvno: 1
Mkvno: 0
Last successful login: never
Last failed login: never
Failed login count: 0
Last modified: 2007-03-08 21:57:02 UTC
Modifier: admin/[EMAIL PROTECTED]
Attributes:
Keytypes: des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), des-cbc-crc(pw-salt), aes256-cts-hmac-sha1-96(pw-salt), arcfour-hmac-md5(pw-salt)
kadmin> ext -k /tmp/afskeytabfile.krb5 afs
kadmin> quit

[EMAIL PROTECTED]:/home/dave $ ktutil -k /tmp/afskeytabfile.krb5 list
/tmp/afskeytabfile.krb5:

Vno  Type                     Principal
  1  des-cbc-md5              [EMAIL PROTECTED]
  1  des-cbc-md4              [EMAIL PROTECTED]
  1  des-cbc-crc              [EMAIL PROTECTED]
  1  aes256-cts-hmac-sha1-96  [EMAIL PROTECTED]
  1  arcfour-hmac-md5         [EMAIL PROTECTED]

[EMAIL PROTECTED]:/home/dave $ ktutil copy FILE:/tmp/afskeytabfile.krb5 AFSKEYFILE:/etc/openafs/server/KeyFile
[EMAIL PROTECTED]:/home/dave $ /usr/local/sbin/bosserver -syslog -noauth
[EMAIL PROTECTED]:/etc/openafs/server $ pafs
24807 /usr/local/sbin/bosserver -syslog -noauth
31579 /usr/libexec/afsd --log=/var/log/arlad.log --cpu-usage --check-consistency

[EMAIL PROTECTED]:/home/dave $ /usr/local/sbin/bosserver -syslog -noauth
[EMAIL PROTECTED]:/home/dave $ pafs
22752 /usr/local/sbin/bosserver -syslog -noauth
31579 /usr/libexec/afsd --log=/var/log/arlad.log --cpu-usage --check-consistency

[EMAIL PROTECTED]:/home/dave $ /usr/local/bin/bos listkeys localhost
bos: security object was passed a bad ticket error encountered while listing keys
[EMAIL PROTECTED]:/home/dave $ /usr/local/bin/bos listkeys localhost -noauth
bos: you are not authorized for this operation error encountered while listing keys
[EMAIL PROTECTED]:/home/dave $ /usr/local/bin/bos listkeys localhost -localauth
key 1 has cksum 250617512
key 1 has cksum 3616054386
Keys last changed on Fri Mar 9 10:59:32 2007.
All done.

[EMAIL PROTECTED]:/home/dave $ klist -vT
Credentials cache: FILE:/tmp/krb5cc_0
Principal: admin/[EMAIL PROTECTED]
Cache version: 4

Server: krbtgt/[EMAIL PROTECTED]
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Auth time: Mar 9 10:08:01 2007
End time: Mar 10 02:48:01 2007
Ticket flags: initial
Addresses: IPv4:10.0.0.3, IPv4:10.0.0.12, IPv4:10.0.0.20, IPv4:10.0.0.25, IPv4:10.0.0.27, IPv4:10.0.0.32

Server: [EMAIL PROTECTED]
Ticket etype: des-cbc-crc, kvno 1
Auth time: Mar 9 10:08:01 2007
End time: Mar 10 02:48:01 2007
Ticket flags: transited-policy-checked
Addresses: IPv4:10.0.0.3, IPv4:10.0.0.12, IPv4:10.0.0.20, IPv4:10.0.0.25, IPv4:10.0.0.27, IPv4:10.0.0.32

Mar 9 10:08:01 Mar 10 02:48:01 Tokens for muse.net.nz (256)
[EMAIL PROTECTED]:/home/dave $

file:/etc/kerberosV/krb5.conf

# $OpenBSD: krb5.conf.example,v 1.6 2005/02/07 06:08:10 david Exp $
#
# Example Kerberos 5 configuration file. You may need to change the defaults
# in this file to match your environment.
#
# See krb5.conf(5) and the heimdal infopage for more information.
#
# Normally, the realm should be your DNS domain name with uppercase
# letters. In this example file, we've written the realm as MY.REALM
# and the domain as my.domain to make it clear what we refer to.
#
# Normally, it is not necessary to do any changes on client-only
# machines, as it's recommended that the information needed is put
# in DNS.
# On server machines, it is not strictly necessary, but it is recommended
# to have local configuration.
#
[libdefaults]
	default_realm = MUSE.NET.NZ
	ticket_lifetime = 60000
	clockskew = 300

[appdefaults]
	afs-use-524 = no
	afslog = yes

[realms]
	MUSE.NET.NZ = {
		supported_keytypes = des:normal des-cbc-crc:v4 des-cbc-crc:afs3
		kdc = kerberos.muse.net.nz
		admin_server = kerberos.muse.net.nz
		kpasswd_server = kerberos.muse.net.nz
	}

[domain_realm]
	.muse.net.nz = MUSE.NET.NZ

[kadmin]
	default_keys = v5 afs3
	afs-cell = muse.net.nz

[logging]
	kadmind = FILE:/var/heimdal/kadmind.log

[kdc]
	require-preauth = no
	v4-realm = MUSE.NET.NZ
	afs-cell = muse.net.nz
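
Added example, not part of the original post and not OpenAFS or Heimdal code: a shell function that audits a "ktutil list" listing like the one above before it is copied to AFSKEYFILE. It assumes the aim is exactly one single-DES entry per Vno, since the KeyFile holds 8-byte DES keys indexed by key version; the function names and the sample principal are constructed for illustration.

```shell
# Constructed sample in the same shape as the listing in the post
# (the principal name is a placeholder).
sample_listing() {
cat <<'EOF'
/tmp/afskeytabfile.krb5:

Vno  Type                     Principal
  1  des-cbc-md5              afs@EXAMPLE.REALM
  1  des-cbc-md4              afs@EXAMPLE.REALM
  1  des-cbc-crc              afs@EXAMPLE.REALM
  1  aes256-cts-hmac-sha1-96  afs@EXAMPLE.REALM
  1  arcfour-hmac-md5         afs@EXAMPLE.REALM
EOF
}

# Reads a ktutil listing on stdin and prints one finding per line.
# Returns 0 only when every Vno has exactly one DES entry and nothing else
# (assumed policy for a keytab that is about to become a KeyFile).
audit_afs_keytab() {
    awk '
        # Data rows start with a numeric Vno followed by an enctype name.
        $1 ~ /^[0-9]+$/ && NF >= 3 {
            seen[$1] = 1
            if ($2 ~ /^des-cbc-(crc|md4|md5)$/) {
                des[$1]++
                names[$1] = (names[$1] == "" ? "" : names[$1] ",") $2
            } else {
                # Not an 8-byte DES key, so it cannot be a KeyFile entry.
                printf "NON-DES vno=%s type=%s\n", $1, $2
                bad = 1
            }
        }
        END {
            for (v in seen) {
                if (des[v] > 1) {
                    # Several DES entries would compete for one key version.
                    printf "DUPLICATE-DES vno=%s count=%d types=%s\n", v, des[v], names[v]
                    bad = 1
                } else if (des[v] == 0) {
                    printf "NO-DES vno=%s\n", v
                    bad = 1
                }
            }
            exit bad + 0
        }
    '
}

# Show the findings for the constructed sample.
sample_listing | audit_afs_keytab || echo "keytab does not match the one-DES-key-per-Vno policy"
```

Piping the real listing in (ktutil -k /tmp/afskeytabfile.krb5 list | audit_afs_keytab) gives the same report without touching the KeyFile.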