ktadd will change the key. But that's ok, you don't want to "kinit afs@REALM", you want to "kinit <your user name>"
-derek Adam Thornton <[EMAIL PROTECTED]> writes: > Now I've created my afs@REALM principal, with a v4 des-cbc-crc key. > > Over on the AFS bosserver machine I've run kadmin, authenticated as > admin/admin and done a ktadd afs. > > Then I exit kadmin and run asetkey on the new /etc/krb5.keytab to, > presumably, extract the key. > > Then I should be able to do a kinit -4 afs@REALM, authenticate, and then > run aklog to get a token, right? > > But when I do kinit, I get kinit(v4): Password incorrect. I know it's > the same password I gave when I created the key (since it's just "afs" > until I get this right). > > Over on the KDC I get a log message: PROCESS_V4: Initial ticket request > Host: 109.90.2.4 User: "afs" "" > > Plain old kinit (v5) gives me a "Password incorrect while getting > initial credentials" on the bosserver, and > AS_REQ 10.90.2.4(88): ISSUE authtime 1010686286, afs@REALM for > krbtgt/REALM@REALM > > (REALM changed to obscure customer's identity). > > I feel like I'm missing something really obvious. It is very much as if > my keys are not really getting translated appropriately. > > I'm going to need to do that successful kinit before I can set up any of > the rest of AFS, so that I have someplace to authenticate against, > right? > > I'm very confused. > > Adam > _______________________________________________ > OpenAFS-devel mailing list > [EMAIL PROTECTED] > https://lists.openafs.org/mailman/listinfo/openafs-devel -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH [EMAIL PROTECTED] PGP key available _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
