On Thursday, June 17, 2004 22:19:42 -0400 Steve Devine <[EMAIL PROTECTED]> wrote:
All,
I am trying to set up a test afs cell and migrate it to Kerb 5. The cell works as expected and the kdc works fine as well. I can kinit and klist tickets etc. I converted a afs principal to the kdc and now I can kinit using the original afs password .. so far so good.
When I run aklog -d this is what I get ###################
Authenticating to cell kerb5.cl.msu.edu (server open-afsdb2.cl.msu.edu). We've deduced that we need to authenticate to realm KERB5.CL.MSU.EDU. Getting tickets: afs/[EMAIL PROTECTED] About to resolve name XXXX-email-protested-XXX to id in cell kerb5.cl.msu.edu. Id 4 Set username to AFS ID 4 Setting tokens. AFS ID 4 / @ KERB5.CL.MSU.EDU aklog: unable to obtain tokens for cell kerb5.cl.msu.edu (status: 11862791). ################################
Heres a question. In the README for afs-krb5 it says 1) Create an AFS principal in the Kerberos database. Call it: [EMAIL PROTECTED]
Yet in the debug for aklog -d it seems to be calling for afs/[EMAIL PROTECTED]
So which one do I need ?
Either will work -- any modern aklog will try both principal names; it will try afs/[EMAIL PROTECTED] and then [EMAIL PROTECTED] If your kdb only contains the latter, then you will see messages in the kdc logs about the unknown principal.
The debugging output you included indicates that aklog is successfully obtaining an AFS service ticket and looking up the user's PTS ID. However, it is failing to store the tokens with this error:
11862791 KTC.7 KTC_NOCM Cache Manager is not initialized / afsd is not running
You must have a running AFS client before aklog will work.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA
_______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
