I'm having some issues with aklog not determining what kerberos realm to authenticate to. I have checked that krb5.conf has the correct default_realm set, and the [domain_realm] mappings are set up the same. I have verified that aklog works on another linux machine running openafs-1.4.5. The suspect configuration is on solaris (though I'm seeing this on another linux machine as well).
Here is what I'm seeing when I issue aklog -d: $ aklog -d Authenticating to cell phalengard.com (server alioth). We've deduced that we need to authenticate using referrals. Getting tickets: afs/phalengard.com@ Using Kerberos V5 ticket natively About to resolve name [EMAIL PROTECTED] to id in cell phalengard.com. Id 32766 doing first-time registration of [EMAIL PROTECTED] at phalengard.com aklog: Permission denied so unable to create remote PTS user [EMAIL PROTECTED] in cell phalengard.com (status: 267269). Set username to [EMAIL PROTECTED] Setting tokens. [EMAIL PROTECTED] / @ PHALENGARD.COM Now if I specify the realm with -k, this is what I get: $ aklog -d -c phalengard.com -k PHALENGARD.COM Authenticating to cell phalengard.com (server alioth). We were told to authenticate to realm PHALENGARD.COM. Getting tickets: afs/[EMAIL PROTECTED] Using Kerberos V5 ticket natively About to resolve name phalenor to id in cell phalengard.com. Id 1012 Set username to AFS ID 1012 Setting tokens. AFS ID 1012 / @ PHALENGARD.COM That is the expected behavior, and I can't figure out what else I should be checking. ThisCell is also populated with the correct cell name. Any idea what could be going on here? This is being done primarily under Solaris 10 SPARC, with a recently built openafs-1.4.6. -- Andy Cobaugh [EMAIL PROTECTED] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
