Dear OpenAFS community, Suddenly today, I was unable to aklog on my MacOSX SnowLeopard: $ klist Ticket cache: FILE:/tmp/krb5cc_503 Default principal: [email protected]
Valid starting Expires Service principal 10/13/12 14:49:05 10/14/12 14:49:05 krbtgt/[email protected] renew until 10/13/12 14:49:05 $ aklog -d -c cs.uwm.edu -k CS.UWM.EDU Authenticating to cell cs.uwm.edu (server solomons.cs.uwm.edu). aklog: Couldn't determine realm of user:aklog: unknown RPC error (-1765328189) while getting realm The error message from aklog is misleading, because even though the realm is specified, aklog still dies. The error message (see https://andromeda.rutgers.edu/~sysmail/krb5_error.html) actually is -1765328189 KRB5_FCC_NOFILE No credentials cache file found When trying to figure out what changed, I remembered that yesterday I "sudo port upgrade outdated" for the first time in at least a year. And then: $ which kinit /opt/local/bin/kinit Apparently when upgrading some macport program, it decided to install kerberos too, which hadn't been installed (as a macport) before. This installed in /opt/local/bin which is (in my path) before /usr/bin. The built-in kerberos puts the credential cache in some "special" place: $ /usr/bin/klist Kerberos 5 ticket cache: 'API:Initial default ccache' Default principal: [email protected] ... So when my old token/ticket died, the /opt/local/bin/kinit placed the credential in /tmp/krb5cc*, but aklog looked for it elsewhere and died. An easy workaround is to use /usr/bin/kinit rather than "kinit" (i.e. /opt/local/bin/kinit). I'm sending this to the list in case anyone else has the same problem I had. It took me a while to figure out what was going on. Best regards, John _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
