Keith Johnston wrote:
> I have added the domain realm to my edu.mit.Kerberos file but still get
> the error message and I see that it is using an ID number that is not my
> UID. But it is still getting me tokens.
>
> kjoh001$ aklog -d
> Authenticating to cell ec.auckland.ac.nz (server
> afs-db1.ec.auckland.ac.nz).
> We've deduced that we need to authenticate using referrals.
> Getting tickets: afs/ec.auckland.ac.nz@

This indicates that there is no domain_realm mapping specified for
.ec.auckland.ac.nz in the krb5 configuration file. As a result, the
Kerberos v5 library provided a referrals principal name (one without a
realm). As a result it cannot determine that your Kerberos v5 principal
name should have the realm removed before querying the Protection
service.

> Using Kerberos V5 ticket natively
> About to resolve name [EMAIL PROTECTED] to id in cell
> ec.auckland.ac.nz.
> Id 32766

As a result, it gets the anonymous ID number because the name
[EMAIL PROTECTED] does not exist in the database.

> doing first-time registration of [EMAIL PROTECTED] at
> ec.auckland.ac.nz
> aklog: Permission denied so unable to create remote PTS user

aklog therefore tries to create a PTS entry and fails.

> [EMAIL PROTECTED] in cell ec.auckland.ac.nz (status: 267269).

You can disable the pts registration by using the -noprdb flag.

Jeffrey Altman
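Added example (not part of the original message, and not OpenAFS or MIT Kerberos code): a small Python check for whether a host is covered by a [domain_realm] entry, the condition the reply above identifies as missing. The realm EXAMPLE.REALM and both sample configurations are constructed placeholders, and the lookup order (host entry first, then each parent domain) is this example's model of the library's behaviour.

```python
# Added example: model of a [domain_realm] lookup in a krb5 profile.
# EXAMPLE.REALM and the sample text are constructed placeholders.
SAMPLE_MISSING = """\
[libdefaults]
    default_realm = EXAMPLE.REALM

[domain_realm]
    .example.org = EXAMPLE.REALM
"""
# Same profile with the mapping the reply says is absent.
SAMPLE_FIXED = SAMPLE_MISSING + "    .ec.auckland.ac.nz = EXAMPLE.REALM\n"


def parse_domain_realm(text):
    """Return the key -> realm entries of the [domain_realm] section."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping


def candidates(host):
    """Keys tried in order: the host, then each parent as '.dom' and 'dom'."""
    name = host.lower().rstrip(".")
    keys = [name]
    while "." in name:
        name = name.split(".", 1)[1]
        keys += ["." + name, name]
    return keys


def realm_for_host(host, mapping):
    """Return (matching key, realm), or (None, None) when nothing maps."""
    for key in candidates(host):
        if key in mapping:
            return key, mapping[key]
    return None, None            # no mapping: the library falls back to referrals


if __name__ == "__main__":
    for label, text in (("missing", SAMPLE_MISSING), ("fixed", SAMPLE_FIXED)):
        print(label, realm_for_host("afs-db1.ec.auckland.ac.nz",
                                    parse_domain_realm(text)))
```

A (None, None) result for the database server's host name corresponds to the "authenticate using referrals" line in the aklog -d output quoted above.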
