Re: [OpenAFS] Fileserver doesn't recognise host-principals

Wed, 03 Sep 2008 07:50:08 -0700 


Frank Burkhardt wrote:

Hi,

I've got a strange problem here. Some of my AFS-client-machines must
put some stuff into AFS on a regular basis. Since all of them have
a host/...-Keytab, I wanted to use it as AFS-identity:

 [EMAIL PROTECTED] $ pts create host.somehost.cbs.mpg.de
 User host.somehost.cbs.mpg.de has id 2000000044

 [EMAIL PROTECTED] # kinit -k -t /etc/krb5.keytab
 [EMAIL PROTECTED] # klist -e
 Ticket cache: FILE:/tmp/krb5cc_0
 Default principal: host/[EMAIL PROTECTED]

 Valid starting     Expires            Service principal
 08/26/08 16:22:11  08/27/08 18:22:11  krbtgt/[EMAIL PROTECTED]
        Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc 
mode with HMAC/sha1
 08/26/08 16:22:49  08/27/08 18:22:11  [EMAIL PROTECTED]
         Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32


 Kerberos 4 ticket cache: /tmp/tkt0
 klist: You have no tickets cached
 [EMAIL PROTECTED] # aklog
 [EMAIL PROTECTED] # tokens

 Tokens held by the Cache Manager:

 User's (AFS ID 2000000044) tokens for [EMAIL PROTECTED] [Expires Aug 27 18:22]
    --End of list--

However, when I try to create a file in AFS, I'm recognised as anonymous:

 [EMAIL PROTECTED] # cd /afs/cbs.mpg.de/tmp/leipzig;rm -f xxx
 [EMAIL PROTECTED] # touch xxx
 [EMAIL PROTECTED] # ls -la xxx
 -rw-r--r-- 1 anonymous root 0 Aug 26 16:25 xxx


ls -l uses the host's mapping of UID to names.

So was the file written with the anonymous UID?
ls -ln  should show the UID.
What mappings are /etc/passwd, NIS or LDAP?



There's nothing suspicious in the AFS-client's dmesg or in the fileserver's
FileLog.

Does anyone have an idea, what might cause this problem? I use keytabs+AFS
all the time. The problem just affects host-keytabs - on at least 3 of my
machines.



What systems? Do they may unknown UIDs to anonymous?


Thank you for any hints.

Regards,

Frank
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info






















					Reply via email to