On Fri, May 29, 2009 at 10:18 AM, David Robson <[email protected]> wrote:
>> >> My suggestion is to not worry about klog at all and instead use kadmin >> to create principals, kinit to get Kerberos tickets, and aklog to >> convert those tickets to AFS tokens. >> > > This works fine on the AFS server, but how do I get it to work on an AFS > client? > Can you confirm that you're successfully getting Kerberos tickets on the client? e.g., can you kinit to a principal you know exists and show the output with 'klist'? Once you have a ticket, you should be able to run 'aklog' and convert tickets to tokens. If that doesn't work, it would be helpful to see the output of klist, as well as the output of the -d option to aklog. > I thought that all that was required was for the sysadmin (on the client) to > define my cell and server in /usr/vice/etc/CellServDB.local on the client, > and > restart openafs-client. Users would be able to authenticate with > kinit/aklog > > Obviously I was wrong. What needs doing on the client? > You're correct -- my suspicion is that your Kerberos configuration (/etc/krb5.conf) on your client does not match what you have on your server, but that's just a guess. -- Steven Jenkins End Point Corporation http://www.endpoint.com/ _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
