Jeffrey Hutzelman said: > > > On Thursday, June 17, 2004 22:19:42 -0400 Steve Devine <[EMAIL PROTECTED]> > wrote: > >> All, >> >> I am trying to set up a test afs cell and migrate it to Kerb 5. >> The cell works as expected and the kdc works fine as well. I can kinit and >> klist tickets etc. I converted a afs principal to the kdc and now I can >> kinit using the original afs password .. so far so good. >> >> When I run aklog -d this is what I get >>################### >> >> Authenticating to cell kerb5.cl.msu.edu (server open-afsdb2.cl.msu.edu). >> We've deduced that we need to authenticate to realm KERB5.CL.MSU.EDU. >> Getting tickets: afs/[EMAIL PROTECTED] >> About to resolve name XXXX-email-protested-XXX to id in cell >> kerb5.cl.msu.edu. Id 4 >> Set username to AFS ID 4 >> Setting tokens. AFS ID 4 / @ KERB5.CL.MSU.EDU >> aklog: unable to obtain tokens for cell kerb5.cl.msu.edu (status: >> 11862791). >>################################ >> >> Heres a question. In the README for afs-krb5 it says >> 1) Create an AFS principal in the Kerberos database. Call it: >> [EMAIL PROTECTED] >> >> Yet in the debug for aklog -d it seems to be calling for >> afs/[EMAIL PROTECTED] >> >> So which one do I need ? > > > Either will work -- any modern aklog will try both principal names; it will > try afs/[EMAIL PROTECTED] and then [EMAIL PROTECTED] If > your kdb only contains the latter, then you will see messages in the kdc > logs about the unknown principal. > > > The debugging output you included indicates that aklog is successfully > obtaining an AFS service ticket and looking up the user's PTS ID. However, > it is failing to store the tokens with this error: > > 11862791 KTC.7 KTC_NOCM > Cache Manager is not initialized / afsd is not running > > > You must have a running AFS client before aklog will work. > > -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> > Sr. Research Systems Programmer > School of Computer Science - Research Computing Facility > Carnegie Mellon University - Pittsburgh, PA > > _______________________________________________ > OpenAFS-info mailing list > [EMAIL PROTECTED] > https://lists.openafs.org/mailman/listinfo/openafs-info >
An update .. This entry seems to be critical in the kdc.conf ###################### master_key_type = des-cbc-crc supported_enctypes = des-cbc-crc:normal, des-cbc-crc:v4, des-cbc-crc:afs3 ####################### kdc must be created with single des enctype like so : kdb5_util create -k des-cbc-crc:normal -r YOURREALM -s Thanks to all for your help. /sd Steve Devine Michigan State University _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
