Russ Allbery <[email protected]> writes: >> b...@krb5-server:~$ aklog -d -c kuk.adm.es.aau.dk -c bai.adm.es.aau.dk >> Authenticating to cell kuk.adm.es.aau.dk (server >> afsdb1.kuk.adm.es.aau.dk). >> Trying to authenticate to user's realm BAI.ADM.ES.AAU.DK. >> Getting tickets: afs/[email protected] >> We've deduced that we need to authenticate using referrals. >> Getting tickets: afs/kuk.adm.es.aau.dk@ >> We've deduced that we need to authenticate to realm KUK.ADM.ES.AAU.DK. >> Getting tickets: afs/[email protected] >> Getting tickets: [email protected] >> Kerberos error code returned by get_cred : -1765328377 >> aklog: Couldn't get kuk.adm.es.aau.dk AFS tickets: >> aklog: unknown RPC error (-1765328377) while getting AFS tickets
> windlord:~/tmp/OPENAFS> grep -- -1765328377 /usr/include/krb5/krb5.h > #define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (-1765328377L) > So the OpenAFS aklog, which is using the MIT Kerberos libraries, is > unable to get cross-realm tickets from your local realm for the service > afs in the remote realm KUK.ADM.ES.AAU.DK. This error message can mean > that it can't find the krbtgt/* principal for the cross-realm > authentication. > Could you run the command: > kvno [email protected] > with your normal Kerberos tickets and see if it runs into the same > problem? If so, the problem is either with your KDCs or with the > Kerberos libraries, not with aklog. If kvno works and aklog doesn't, > the problem may be with aklog. > Could you also run a klist before and after running aklog, and before and > after running kvno? Hi there, I don't think I got a reply to the above query. Are you still having this problem? If so, could you give the above a try? -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
