Quoting Jeffrey Altman <[email protected]>:
Eric Chris Garrison wrote:
...but as [email protected]:
Wed Jul 1 15:58:37 2009 [6] EVENT AFS_Aud_Unauth CODE -1 STR AFS_SRX_StData
Wed Jul 1 15:58:37 2009 [6] EVENT AFS_SRX_StData CODE 0 NAME --UnAuth--
HOST 149.166.144.33 ID 32766 FID 536870933:2:2
So the ADS.IU.EDU user is showing as unauthorized? Strange that if I
create a file, its UNIX permissions show as owned by ecgarris though.
I would also verify that the keytabs that you are using are in fact
correct. You can do so using the MIT Kerberos kvno command. Obtain a
TGT for [email protected] and then issue:
kvno -k <keytab> afs/[email protected]
Your Rx connection is unauthenticated. That means that
(a) either you do not have an AFS token
(b) the token contains a kvno that is not recognized by the AFS server
(c) the token is bad in some other way
On Windows using the MIT KFW klist command, what does "klist -e" show
when you have an afs/[email protected] service ticket in the cache?
I have done an "aklog -c afstest.iu.edu" giving the following output
for "tokens":
Tokens held by the Cache Manager:
User's (AFS ID 37302) tokens for [email protected] [Expires Jul 9 00:53]
--End of list--
The kvno command comes back with the right kvno, as seen by ktutil for
the keytab, just
as it was when I added it with astekey.
Here's what "klist -e" says:
Default principal: [email protected]
Valid starting Expires Service principal
07/08/09 14:53:40 07/09/09 00:53:44 krbtgt/[email protected]
renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS
mode with 96-bit
SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
07/08/09 14:53:56 07/09/09 00:53:44 afs/[email protected]
renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS
mode with 96-bit
SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
So what else should I look for in the token being bad in another way?
Thanks again,
Chris
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
