On Thu, the 9th of Av, 5769 (07/30/2009) Andrew Deason wrote:
On Thu, 30 Jul 2009 13:51:06 -0400 (EDT)
Gedaliah Wolosh <[email protected]> wrote:
On Thu, the 9th of Av, 5769 (07/30/2009) Jeffrey Altman wrote:
Gedaliah Wolosh wrote:
Currently our cell is authenticating to both the KA server and
Krb5. The AFS Keyfile contains principals for both afs and
afs/cellname. The KeyFile is distributed via upclient. This has
been working for several months without issue.
A new file server was put in place. If aklog is used to get a
token, the token does not give the user permission in any volume
served by this new file server. A token obtained by klog is fine.
The kaserver token will be issued from a realm with the same name
as the cell. What is the name of the Kerberos v5 realm and if it
is not the same, does it exist in the afs krb.conf file?
The Kerberos v5 realm is different from the name of the cell, however
the realm name IS in the afs krb.conf file.
Just to be sure; what is the full path to the krb.conf you're talking
about?
/usr/afs/etc/krb.conf
When you aklog, does 'tokens' still show that you have tokens after you
try something where you are denied permission?
Yes
Have you tried restarting the fileserver processes after you've verified
that /usr/afs/etc is the same as the others?
Yes
Gedaliah Wolosh
University Computing Systems - IST
New Jersey Institute of Technology
--
Andrew Deason
[email protected]
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
