On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH <allb...@ece.cmu.edu> wrote:
> On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote:
>
>> [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs
>> a...@ss2k-devel.uci.edu: kvno = 2
>> [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/mycell.edu
>> afs/mycell....@mycell.edu: kvno = 2
>
> You put both of these in the KeyFile? With the same kvno? This will
> break, because the KeyFile doesn't contain principals, and picks entries by
> kvno. You'll need to change one of them and then regenerate the KeyFile.

Hmm, part of that is a text-replacement error... oops, I was trying to obfuscate my real REALM name, but clearly failed. That line should read "a...@mycell.edu" to be consistent with the rest of my output.

However, I'm not sure what you mean by "both of those in the KeyFile" - my output of asetkey and bos listkeys shows that I only have one key in the KeyFile:

[09:57 r...@afs1 ~]# asetkey list
kvno 2: key is: <key_obscured>
All done.
[10:01 r...@afs1 ~]# bos listkeys afs1 -localauth
key 2 has cksum 1847647929
Keys last changed on Fri Feb 26 10:00:22 2010.
All done.

However, in my Kerberos ticket cache I do indeed have two tickets with the same kvno. I'm speculating, but that would be a problem with how Windows implements the "ktpass mapuser" function and then returns tickets for a mapped user with the same kvno as the principal. So both the user "afs" and the principal "afs/mycell.edu" are returning tickets with the same kvno. And I don't think there are separate entries for these principals in the kerberos database.

I'll try changing the password on the "afs" user account and then see what kvno I get.

Otherwise, is there a way for aklog to not bother getting a ticket for the "a...@mycell.edu" principal, and just use "afs/mycell....@mycell.edu"?

--
Jonathan Nilsson, jnils...@uci.edu
Social Sciences Computing Services
949.824.1536, 4110 SSPA, UC Irvine

> --
> brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com
> system administrator [openafs,heimdal,too many hats] allb...@ece.cmu.edu
> electrical and computer engineering, carnegie mellon university KF8NH