Andrew Bacchi wrote:
I need to allow hosts to read/write files into AFS directories. I currently have a host principal as host/server.rpi.edu, and I extracted a keytab file for it as /etc/krb5.keytab.

This is not working, so I must be missing something. How do I get AFS tokens using krb5.keytab? There is some AFS form to the principal in Kerberos 5 that I haven't mapped correctly.

Several things:

(1) you must create a PTS entry that matches the service principal.
    (see note below)

(2) you must obtain a Kerberos TGT using the keytab

(3) you must set a token using that TGT with aklog

Note that AFS does not currently have a notion of an identity for the cache manager, and given the fact that the principal names must be converted to krb4 format, the PTS entry for host/[EMAIL PROTECTED] will become [EMAIL PROTECTED] when performing lookups in the PTS database.

There is nothing that will distinguish this AFS ID as a machine ID. When it is being used, the process will be a member of system:authuser.
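
The three steps above as a shell function. This is an added example, not part of the original message: the function name, the DRY_RUN switch and the PTS_NAME placeholder are assumptions, while the keytab path and principal in the usage line are the ones from the question.

```shell
#!/bin/sh
# Added example, not from the original message. afs_host_token, DRY_RUN and
# PTS_NAME are hypothetical names chosen for illustration.

# Step 1 (once, by an AFS administrator): create the PTS entry for the
# krb4-format name described in the note above. The exact name is left as a
# placeholder here:
#   pts createuser -name "$PTS_NAME"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Steps 2 and 3: TGT from the keytab, then an AFS token from that TGT.
# usage: afs_host_token /etc/krb5.keytab host/server.rpi.edu
afs_host_token() {
    keytab=$1
    principal=$2
    [ -r "$keytab" ] || { echo "cannot read $keytab" >&2; return 1; }
    # A keytab holds the host's long-term key: refuse group/other access.
    perms=$(ls -ld "$keytab" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$keytab: mode too open" >&2; return 1; }
    # Private credential cache so the host TGT never lands in a user's cache.
    ccache=$(mktemp "${TMPDIR:-/tmp}/krb5cc_host.XXXXXX") || return 1
    KRB5CCNAME="FILE:$ccache"
    export KRB5CCNAME
    rc=0
    run kinit -k -t "$keytab" "$principal" &&   # (2) TGT using the keytab
        run aklog &&                            # (3) token from that TGT
        run tokens || rc=$?                     # list the tokens now held
    # The token is held by the cache manager, so the TGT can be discarded.
    run kdestroy || true
    rm -f "$ccache"
    unset KRB5CCNAME
    return $rc
}
```

With DRY_RUN=1 the function only prints the commands it would run, which is useful for checking the sequence on a machine without Kerberos or AFS installed.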

