Just a guess, but perhaps you have two different versions of aklog on
your machine and the first one uses krb524 and the second one uses raw
Kerberos 5?

Perhaps your servers are old enough that they cannot support raw
Kerberos 5 based tokens?

Jeffrey Altman


Sean Kelly wrote:
> I've installed OpenAFS 1.4.0 on two RHEL AS 3 machines for testing. They
> both use Kerberos 5, aklog, and all that good stuff. They seem to be
> working perfectly, except if I do a second `aklog` after logging in and
> getting my ticket from pam_krb5afs, it breaks:
> 
> g4:~ smkelly$ ssh <testhost-1>.creighton.edu
> smkelly@<testhost-1>.creighton.edu's password: 
> [smkelly@<testhost-1> smkelly]$ pwd
> /afs/creighton.edu/users/smkelly
> [smkelly@<testhost-1> smkelly]$ ls
> *works*
> [smkelly@<testhost-1> smkelly]$ aklog -d
> Authenticating to cell creighton.edu (server <testhost-1>.creighton.edu).
> We've deduced that we need to authenticate to realm CREIGHTON.EDU.
> Getting tickets: afs/[EMAIL PROTECTED]
> Principal not found, trying alternate service name: afs/@CREIGHTON.EDU
> About to resolve name smkelly to id in cell creighton.edu.
> Id 500
> Set username to AFS ID 500
> Setting tokens. AFS ID 500 /  @ CREIGHTON.EDU 
> [smkelly@<testhost-1> smkelly]$ ls
> ls: .: Permission denied
> [smkelly@<testhost-1> /]$ bos listhosts <testhost-1>
> bos: failed to get cell name (ticket contained unknown key version number)
> 
> 
> Any idea what the problem could be? Why does running aklog a second time
> break me? Even with a -force it is broken.
> 
> Thanks.
> 
