Ken Hornstein wrote:
So we are moving out of DCE/DFS and I need to be able to run them side
by side for a bit. Obviously I can't run krb542d on the DCE cell. But
I can get a krb5 ticket out and that works fine, I thought there was now
support for converting krb5 tickets into tokens without the need of a
524d? Or am I stuck with gssklog until I convert over to a MIT KDC with
the 524d?
If you have a new enough vintage of OpenAFS (I think 1.2.13) it can
take a raw v5 ticket in an AFS token just fine. You need a new enough
aklog (like the one that comes with OpenAFS 1.4). But you can run
krb524d in a DCE cell, assuming you can extract the AFS service key
into a keytab.
--Ken
Ken I have followed your directions as usual and gave the afs key the
principal "afs". Although I did make a afs/umiacs.umd.edu principal as
well. There doesn't seem to be a switch for just trying krb5 in aklog
or is that choice made for you?
[EMAIL PROTECTED] afs]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
11/08/05 11:56:42 11/09/05 11:56:42 krbtgt/[EMAIL PROTECTED]
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED] afs]# tokens
Tokens held by the Cache Manager:
--End of list--
[EMAIL PROTECTED] afs]# aklog
aklog: Couldn't get umiacs.umd.edu AFS tickets:
aklog: unknown RPC error (-1765328228) while getting AFS tickets
[EMAIL PROTECTED] afs]# rpm -qf /usr/bin/aklog
openafs-krb5-1.4.0-rhel4.1
[EMAIL PROTECTED] afs]# aklog -d
Authenticating to cell umiacs.umd.edu (server oberon.umiacs.umd.edu).
We've deduced that we need to authenticate to realm umiacs.umd.edu.
Getting tickets: afs/[EMAIL PROTECTED]
Kerberos error code returned by get_cred: -1765328228
aklog: Couldn't get umiacs.umd.edu AFS tickets:
aklog: unknown RPC error (-1765328228) while getting AFS tickets
[EMAIL PROTECTED] afs]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
11/08/05 11:56:42 11/09/05 11:56:42 krbtgt/[EMAIL PROTECTED]
11/08/05 11:56:49 11/09/05 11:56:42 afs/[EMAIL PROTECTED]
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED] afs]# ps axuww | grep afs
root 29998 0.0 0.2 5552 3052 ? Ss Nov07 0:00
/usr/afs/bin/bosserver
root 29999 0.0 0.3 5912 3796 ? S Nov07 0:00
/usr/afs/bin/buserver
root 30000 0.0 0.4 7492 4556 ? S Nov07 0:00
/usr/afs/bin/ptserver
root 30001 0.0 0.5 8572 5980 ? S Nov07 0:00
/usr/afs/bin/vlserver
root 30003 0.0 0.1 3768 1352 ? S Nov07 0:00
/usr/afs/bin/upserver -crypt /usr/afs/etc
root 30007 0.0 0.6 193328 6704 ? S<l Nov07 0:00
/usr/afs/bin/fileserver
root 30008 0.0 0.1 137992 1652 ? Sl Nov07 0:00
/usr/afs/bin/volserver
root 30132 0.0 0.0 0 0 ? S Nov07 0:00
[afs_rxlistener]
root 30134 0.0 0.0 0 0 ? S Nov07 0:00
[afs_callback]
root 30136 0.0 0.0 0 0 ? S Nov07 0:00 [afs_rxevent]
root 30139 0.0 0.0 0 0 ? S Nov07 0:00 [afsd]
root 30141 0.0 0.0 0 0 ? S Nov07 0:00
[afs_checkserver]
root 30143 0.0 0.0 0 0 ? S Nov07 0:00
[afs_background]
root 30145 0.0 0.0 0 0 ? S Nov07 0:00
[afs_background]
root 30147 0.0 0.0 0 0 ? S Nov07 0:00
[afs_cachetrim]
root 26000 0.0 0.0 4480 652 pts/2 S+ 12:03 0:00 grep afs
--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
[EMAIL PROTECTED]
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
