Tracy Di Marco White said the following on 2005-08-05 03:58:
hi Tracy, 0g, thanks for your help. I'm still having problems although
perhaps things have advanced :-)
-- thanks :-) but I'm stuck after switching out of -noauth, despite
having seemingly correct k5 tickets. My guess is that I need something
like aklog, or my krb configuration but I am lost for the obvious
If he's using the instructions we wrote, he's likely using heimdal, and so
kinit will get tokens magically if he has "afslog = yes" in "[appdefaults]"
in his /etc/krb5.conf. (Sample krb5.conf on page 13, same instructions.)
I don't see appdefaults in his krb5.conf snippet, so I don't know if he has
that, but I don't see tokens in his klist, so probably not.
I added the afslog=yes & now I get:
[EMAIL PROTECTED]:/home/wavey $ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: wavey/[EMAIL PROTECTED]
  Issued           Expires          Principal
Aug  9 00:25:51  Aug  9 10:25:51  krbtgt/[EMAIL PROTECTED]
Aug  9 00:25:51  Aug  9 10:25:51  afs/[EMAIL PROTECTED]
which is clearly an improvement with the AFS tickets. NB add
-random-key afs/example.com has to be written as --random-key, or
-r on my heimdal install. Doing a klist -T hangs though.
I'm OK up to 'Installing the initial AFS DB server'
* Copy KeyFile created above to /usr/pkg/etc/openafs/server/KeyFile
I've not got a /usr/pkg/etc/openafs/server/KeyFile, I put it in
/usr/afs/etc/KeyFile
But this isn't enough to restart the BOSS with just my tickets for
authentication:
[EMAIL PROTECTED]:/usr/afs/bin $ /usr/afs/bin/bosserver -log
[EMAIL PROTECTED]:/usr/afs/bin $ klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: wavey/[EMAIL PROTECTED]
  Issued           Expires          Principal
Aug  9 00:34:11  Aug  9 10:34:11  krbtgt/[EMAIL PROTECTED]
Aug  9 00:34:11  Aug  9 10:34:11  afs/[EMAIL PROTECTED]
[EMAIL PROTECTED]:/usr/afs/bin $ ./pts examine wavey.afs
libprot: AFS kernel pioctl doesn't exist Could not get afs tokens, running
unauthenticated.
Name: wavey.afs, id: 1, owner: system:administrators, creator: anonymous,
membership: 1, flags: S----, group quota: unlimited.
[EMAIL PROTECTED]:/usr/afs/bin $ ./bos restart -server scorch.muse.net.nz
bos: AFS kernel pioctl doesn't exist (getting tickets)
bos: running unauthenticated
bos: failed to restart servers (you are not authorized for this operation)
& yet under -localauth it works. I've got my
/usr/pkg/etc/openafs/server/KeyFile stored in /usr/afs/etc/KeyFile
-- I assume this is the correct place based on info in the Wiki. Do you
have any other suggestions for me?
cheers, dave
--
out of the frying pan and into the fire
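
The two things checked in this thread, "afslog = yes" under "[appdefaults]" in krb5.conf and an afs service ticket in the klist output, can be tested mechanically. The Python below is an added example, not part of the original messages and not OpenAFS or Heimdal code; the function names, the sample configuration text and the EXAMPLE.COM realm are constructed for illustration, and it assumes the usual krb5.conf layout in which a per-application block such as "kinit = { ... }" may hold the setting.

```python
import re

def appdefaults_settings(conf_text):
    """Map dotted path -> value for every relation under [appdefaults]."""
    settings, section, stack = {}, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, stack = header.group(1), []
        elif section != "appdefaults":
            continue
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":
                stack.append(key)          # e.g. "kinit = {" opens a sub-block
            else:
                settings[".".join(stack + [key])] = value
    return settings

def afslog_enabled(conf_text):
    """True if any afslog relation under [appdefaults] is set to yes/true."""
    return any(path.split(".")[-1] == "afslog" and value.lower() in ("yes", "true")
               for path, value in appdefaults_settings(conf_text).items())

def has_afs_ticket(klist_text):
    """True if a klist line ends in an afs or afs/<cell> service principal."""
    return any(re.match(r"afs[/@]", line.split()[-1])
               for line in klist_text.splitlines() if line.split())

# Constructed samples (realm and cell names are placeholders).
CONF_MISSING = "[libdefaults]\n    default_realm = EXAMPLE.COM\n"
CONF_TOP = CONF_MISSING + "[appdefaults]\n    afslog = yes\n"
CONF_NESTED = CONF_MISSING + "[appdefaults]\n    kinit = {\n        afslog = true\n    }\n"
KLIST = """Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: wavey/afs@EXAMPLE.COM
Aug  9 00:25:51  Aug  9 10:25:51  krbtgt/EXAMPLE.COM@EXAMPLE.COM
Aug  9 00:25:51  Aug  9 10:25:51  afs/example.com@EXAMPLE.COM
"""

if __name__ == "__main__":
    for name, conf in [("missing", CONF_MISSING), ("top", CONF_TOP), ("nested", CONF_NESTED)]:
        print(name, afslog_enabled(conf))
    print("afs ticket:", has_afs_ticket(KLIST))
```

A Kerberos ticket for the afs principal is not the same thing as an AFS token, so a true result from has_afs_ticket only confirms the first half of what the thread is checking.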