Re: [OpenAFS] OpenAFS 1.4.5 on OSX 10.5

Mon, 05 Nov 2007 16:19:12 -0800

I have added the domain realm to my edu.mit.Kerberos file but still get the error message and I see that it is using a ID number that is not my UID. But it is still getting me tokens. 

kjoh001$ aklog -d
Authenticating to cell ec.auckland.ac.nz (server afs- db1.ec.auckland.ac.nz). 
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/ec.auckland.ac.nz@
Using Kerberos V5 ticket natively
About to resolve name [EMAIL PROTECTED] to id in cell ec.auckland.ac.nz. 
Id 32766
doing first-time registration of [EMAIL PROTECTED] at ec.auckland.ac.nz aklog: Permission denied so unable to create remote PTS user [EMAIL PROTECTED] in cell ec.auckland.ac.nz (status: 267269). 
Set username to [EMAIL PROTECTED]
Setting tokens. [EMAIL PROTECTED] /  @ EC.AUCKLAND.AC.NZ

kjoh001$ klist
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: [EMAIL PROTECTED]

Valid Starting     Expires            Service Principal
11/06/07 12:25:45  11/06/07 22:25:45  krbtgt/[EMAIL PROTECTED]
11/06/07 12:25:57  11/06/07 22:25:45  afs/ec.auckland.ac.nz@

kjoh001$ tokens

Tokens held by the Cache Manager:

Tokens for [EMAIL PROTECTED] [Expires Nov  6 22:25]
   --End of list--


Keith


On 6/11/2007, at 11:30 AM, david l goodrich wrote:


On Mon, Nov 05, 2007 at 05:00:16PM -0500, Jeffrey Altman wrote:

You are not the only one.  It is a change in the way the Kerberos
libraries on Leopard behave when there is no [domain_realm] mapping
specified in the krb5.conf file for the AFS volume server hostnames.


Left unsaid here is that adding this:

[domain_realm]
       dsrw.org = DSRW.ORG
       .dsrw.org = DSRW.ORG

to /Library/Preferences/edu.mit.Kerberos made the problem go away.
 --david


Jeffrey Altman


david l goodrich wrote:

Is anyone else seeing this behavior with OpenAFS on Leopard?

Every time I aklog, I get a permission denied, but I still get
tokens.  Any advice would be great.
 --david

elektra:~ dlg$ unlog
elektra:~ dlg$ tokens

Tokens held by the Cache Manager:

  --End of list--
elektra:~ dlg$ aklog
aklog: Permission denied so unable to create remote PTS user
[EMAIL PROTECTED] in cell dsrw.org (status: 267269).
elektra:~ dlg$ tokens

Tokens held by the Cache Manager:

Tokens for [EMAIL PROTECTED] [Expires Dec  5 15:45]
  --End of list--
elektra:~ dlg$ uname -a
Darwin elektra.dsrw.org 9.0.0 Darwin Kernel Version 9.0.0: Tue
Oct  9 21:35:55 PDT 2007; root:xnu-1228~1/RELEASE_I386 i386
elektra:~ dlg$ bos version
openafs 1.4.5
elektra:~ dlg$








                         -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Keith Johnston                                                                  
xtn: 87977
Computer Support
Computer Science Department                                     Rm 395
This email is brought to you by the letters OS X and the number 10 and 5 
                         =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to