https://lists.openafs.org/pipermail/openafs-info/2011-June/036188.html
On Tue, Mar 27, 2012 at 3:45 AM, Stefan Michael Guenther <s.guent...@in-put.de> wrote: > Hello, > > I'm currently trying to setup OpenAFS 1.6.0-1 together with MIT Kerberos > 1.9.1 on an Ubuntu System. > > All necessary processes are running but something seems to be wrong with my > Kerberos configuration: > > intranet:/var/log# kinit admin > Password for ad...@in-put.de: > > intranet:/var/log# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: ad...@in-put.de > > Valid starting Expires Service principal > 03/27/12 09:13:32 03/27/12 19:13:32 krbtgt/in-put...@in-put.de > renew until 03/28/12 09:13:29 > > > intranet:/var/log# aklog -d > Authenticating to cell IN-PUT.DE (server intranet.in-put.de). > Trying to authenticate to user's realm IN-PUT.DE. > Getting tickets: afs/in-put...@in-put.de > We've deduced that we need to authenticate to realm IN-PUT.DE. > Getting tickets: afs/in-put...@in-put.de > Getting tickets: afs/in-put...@in-put.de > Getting tickets: a...@in-put.de > Kerberos error code returned by get_cred : -1765328370 > aklog: Couldn't get IN-PUT.DE AFS tickets: > aklog: unknown RPC error (-1765328370) while getting AFS tickets > > > According to a number of postings the error is related to ticket encryption, > but I guess I have the right settings in the Kerberos config files: > > /etc/krb5.conf > ------------------- > > [libdefaults] > default_realm = IN-PUT.DE > krb4_config = /etc/krb.conf > krb4_realms = /etc/krb.realms > kdc_timesync = 1 > ccache_type = 4 > forwardable = true > proxiable = true > fcc-mit-ticketflags = true > > [realms] > IN-PUT.DE = { > kdc = intranet.in-put.de > admin_server = intranet.in-put.de > } > > [domain_realm] > .in-put.de = IN-PUT.DE > in-put.de = IN-PUT.DE > > [login] > krb4_convert = true > krb4_get_tickets = false > > /etc/krb5kdc/kdc.conf > ------------------------------ > > [kdcdefaults] > kdc_ports = 750,88 > > [realms] > IN-PUT.DE = { > database_name = /var/lib/krb5kdc/principal > admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab > acl_file = /etc/krb5kdc/kadm5.acl > key_stash_file = /etc/krb5kdc/stash > kdc_ports = 750,88 > max_life = 10h 0m 0s > max_renewable_life = 7d 0h 0m 0s > master_key_type = des3-hmac-sha1 > supported_enctypes = #supported_enctypes = aes256-cts:normal > arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal > des:v4 des:norealm des:onlyrealm des:afs3 > default_principal_flags = +preauth > } > > Thanks for any hints or suggestions, > > Stefan -- Derrick _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info