Thanks all :-)
James Nurmi
Derek Atkins wrote:
"James D. Nurmi" <[EMAIL PROTECTED]> writes:
the krb5.conf is correctly stating that the kdc & adminserver are the newly CNamed kerberos1 machine... Kinit works, aklog works. klist lists out the new ticket, tokens claims to have tokens... However if I try to enter a section on /afs that requires anything above system:anyuser (from any client machine) gets:
afs: Tokens for user of AFS id 2 for cell econ.vt.edu are discarded
(rxkad error=19270408)
Are you sure you configured your krb524d to produce old-style afs tokens? See the Kerberos documentation.
Interestingly, klog fails, and AFS for windows says Authentication
Server cannot be found...
Yea -- klog specifically looks at the AFS DB servers.
Still toying with it though... I'll let you know if i get any
breakthroughs....
-derek
Derek Atkins wrote:
Set your krb.conf/krb5.conf to point to the new KDC._______________________________________________
Or do you mean you're actually using "klog"???
-derek
"James D. Nurmi" <[EMAIL PROTECTED]> writes:
I've been attempting of late to rotate some of the functionality of our servers to accomodate a new machine... In the process, I would like to move kerberos off of one of our AFS machines onto its own box. I got the KDC moved as well as possible, and all services work normally, except for AFS... Is there a way to tell AFS where to look for the kerberos server? or does it /have/ to be on the ptServer?
James Nurmi
_______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
OpenAFS-info mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
