On Tue, 8 Nov 2005, Florian Daniel Otel wrote: > > After some more digging I narrowed down the problem to aklog. The > problem is that apparently "aklog" does some translation on the > Kerberos principal name. > In particular, if the Kerberos principal contains a "/" -- like e.g. > "florian/admin", aklog actually tries to resolve "florian.admin" > instead (which doesn't exist in the cell) thus resolves it as ID 32766 > (i.e. "anonymous"). > > kdc-hostname:~# kauth florian/admin > florian/[EMAIL PROTECTED]'s Password: > kauth: NOTICE: ticket renewable lifetime is 1 week > > kdc-hostname:~# aklog -d -force > Authenticating to cell domain.com (server kdc-hostname.domain.com). > We've deduced that we need to authenticate to realm DOMAIN.COM. > Getting tickets: afs/[EMAIL PROTECTED] > About to resolve name florian.admin to id in cell domain.com. > Id 32766 > Set username to florian.admin > Setting tokens. florian.admin / @ DOMAIN.COM > kdc-hostname:~# tokens > > Tokens held by the Cache Manager: > > Tokens for [EMAIL PROTECTED] [Expires Nov 9 07:09] > --End of list-- >
Create your PTS usernames as florian.admin rather htan florian/admin (while retaining the latter as your krb5 account names) and the transations will be done automatically. -- Coy Hile [EMAIL PROTECTED] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
