Thanks for the quick reply. On Dec 30, 2007 7:55 PM, Jeffrey Altman <[EMAIL PROTECTED]> wrote: > If your domain_realm mappings were specified in krb5.conf then Kerberos > referrals would not be used for authentication.
That's the thing, my domain_realm mappings are set up right. In fact, I'm using a krb5.conf that's identical to the one that works on another machine. > aklog is working. You are getting tokens. aklog simply does not know > that the user is local to the cell and cannot create a foreign realm > entry for it. I ran aklog through truss. It's definitely reading in the correct krb5.conf (I have MIT Kerberos built with sysconfdir=/etc/kerberos, so I have a copy at /etc/krb5.conf and /etc/kerberos/krb5.conf just to be safe) Here is aklog -d sent through truss: http://www.phalengard.com:8000/~phalenor/aklog-debug This really doesn't make sense. It almost seems like it's ignoring the domain_realm section. I'm stumped at this point. -- Andy Cobaugh [EMAIL PROTECTED] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
