Jeffrey Altman wrote:
Your Rx connection is unauthenticated. That means that
(a) either you do not have an AFS token
(b) the token contains a kvno that is not recognized by the AFS server
(c) the token is bad in some other way
On Windows using the MIT KFW klist command, what does "klist -e" show
when you have an afs/[email protected] service ticket in the cache?
I have done an "aklog -c afstest.iu.edu" giving the following output
for "tokens":
Tokens held by the Cache Manager:
User's (AFS ID 37302) tokens for [email protected] [Expires Jul 9 00:53]
--End of list--
The kvno command comes back with the right kvno, as seen by ktutil for
the keytab, just as it was when I added it with astekey.
Here's what "klist -e" says:
Default principal: [email protected]
Valid starting Expires Service principal
07/08/09 14:53:40 07/09/09 00:53:44 krbtgt/[email protected]
renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS
mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
07/08/09 14:53:56 07/09/09 00:53:44 afs/[email protected]
renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS
mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
So what else should I look for in the token being bad in another way?
Thanks again,
Chris
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
