On Thu, Sep 30, 2010 at 7:56 AM, Phillip Moore <[email protected]> wrote: > My quest to refresh my AFS knowledge continues, with mixed results. > I can get as far as rebooting the first AFS machine, and the server and > client seems to come up fine, and talk to each other. I can run any > administrative command as long as I use -localauth, and while I can get > tokens for the localcell just fine, the AFS server processes aren't trusting > them. > I'm using CentOS 5.4 on x86_64, using the Kerberos version which is packaged > with CentOS by default.
what version? i don't think it will matter but if 1.8 there's an extra step I've had no problem setting up my krb5 realm > (BOOT.EFS) and using it (my product already uses GSSAPI for basic > authentication). Here's the Kerberos-related details of how this was > setup. > The AFS cell name is 'd.fh.nyc.us.boot.efs': > [r...@fhcore etc]# kadmin -k > Authenticating as principal host/[email protected] with default > keytab. > kadmin: add_principal -randkey -e des-cbc-crc:v4 afs/d.fh.nyc.us.boot.efs > WARNING: no policy specified for afs/[email protected]; > defaulting to no policy > Principal "afs/[email protected]" created. that cell looks nothing like that realm. what's in FileLog? What's in /usr/afs/etc/krb.conf (or equivalent if you didn't use transarc paths) > How do I get the AFS server process to tell me how the credentials are being > handled? alas, currently, audit logs. but that's gonna be the issue. ptserver isn't mapping these to local realm user and so you are no one. -- Derrick _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
