Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[noob] OpenAFS, MIT Kerberos 5 and aklog
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
KermitTheFragger
n00b
n00b


Joined: 20 Aug 2004
Posts: 41
Location: Netherlands
PostPosted: Tue Aug 24, 2004 3:05 pm    Post subject: [noob] OpenAFS, MIT Kerberos 5 and aklog Reply with quote
Hi,

I've got a small problem with OpenAFS, maybe some of you nice folks could help me out here :)

I have set up AFS with MIT Kerberos V Authentication, added a principal named afs/zeus.lan@ZEUS.LAN in kerberos. Then I added the principal to a keytab with "ktadd -e des-cbc-crc:afs3 -k /usr/vice/etc/afs.keytab afs/zeus.lan". I also runned asetkey: "asetkey add 5 /usr/vice/etc/afs.keytab afs/zeus.lan"

All seems to be going smooth so far. But when I do aklog, after I have done kinit ktf/admin I get:
Code:

Authenticating to cell zeus.lan (server storage).
We've deduced that we need to authenticate to realm ZEUS.LAN.
Getting tickets: afs/zeus.lan@ZEUS.LAN
Kerberos error code returned by get_cred: -1765328228
aklog: Couldn't get zeus.lan AFS tickets:
aklog: Cannot contact any KDC for requested realm while getting AFS tickets


The strange thing is; I DO get an AFS ticket:

Code:

Valid starting     Expires            Service principal
08/24/04 16:17:51  08/25/04 02:17:51  krbtgt/ZEUS.LAN@ZEUS.LAN
        renew until 08/25/04 16:17:51
08/24/04 16:17:59  08/25/04 02:17:51  afs/zeus.lan@ZEUS.LAN
        renew until 08/25/04 16:17:51


Even weirder, on Windows XP (aaaah, i know, i know, plz stop hitting me :D) AFS works. Its get its ticket and just works.

Im really at a loss here.
Back to top
View user's profile Send private message
KermitTheFragger
n00b
n00b


Joined: 20 Aug 2004
Posts: 41
Location: Netherlands
PostPosted: Wed Aug 25, 2004 8:20 am    Post subject: Reply with quote
Ok I solved it, here's the answer for anyone who has the same problem. I'm almost ashame to tell it, really stupid mistake :oops: .

Be sure you have the krb524 deamon running! So that Kerberos 5 tickets can be translated to Kerberos 4 tickets.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy