some progress anyway, I get tokens but no /afs

export KRB5CCNAME=FILE:/run/user/0/krb5cc/primary
afsd -stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 50000
afsd: Error calling AFSOP_CACHEFILE for '/usr/vice/cache/D0/V2000'
kinit admin
ad...@creedon.biz's Password:
aklog
tokens

Tokens held by the Cache Manager:

User's (AFS ID 501) tokens for a...@creedon.biz [Expires Jun 23 09:02]
   --End of list--

BUT /afs doesn't get mounted to /vicepa

ookpik:/usr/src/linux-4.1.31-30 # ls /afs
ookpik:/usr/src/linux-4.1.31-30 # mount |g afs
ookpik:/usr/src/linux-4.1.31-30 # fs mkmount /afs/.$C root.cell -rw
fs: mount points must be created within the AFS file system

________________________________________
From: Benjamin Kaduk <ka...@mit.edu>
Sent: Thursday, December 22, 2016 3:58:31 PM
To: Ted Creedon
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user

On Thu, Dec 22, 2016 at 11:42:41PM +0000, Ted Creedon wrote:
> different outcome w/ 7.1.0 but no tokens from either afslog or aklog (still
> carps about
> /run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT)

Ah, this is a "fancy" default coming into play, no doubt.
/run/user may be isolated for various users with filesystem namespaces
to prevent cross-user attacks (though I guess that may not be coming
into play here). I also recall issues where the
/run/user/<uid>/krb5cc/ directory was not created automatically, so
check that it exists.

> ookpik:/data1/openafs-1.8.0pre1 # kinit -afslog admin
> ad...@creedon.biz's Password:
> ookpik:/data1/openafs-1.8.0pre1 # klist -AT
> Credentials cache: FILE:/tmp/krb5cc_0
>         Principal: ad...@creedon.biz
>
>   Issued                Expires               Principal
> Dec 22 15:33:01 2016  Jun 23 07:32:57 2017  krbtgt/creedon....@creedon.biz
> Dec 22 15:33:01 2016  Jun 23 07:32:57 2017  afs/creedon....@creedon.biz

Okay, now the kerberos part is succeeding, so any issue here is on the
AFS side.

>
>
> Dec 22 15:33:01 201  Jun 23 07:32:57 201  Tokens for creedon.biz
>
>
> ##################
> aklog
> aklog: Couldn't determine realm of user:aklog: unknown RPC error
> (-1765328189) while getting realm

This seems to suggest that aklog -noprdb might succeed.

> #####
> open("/run/user/0/krb5cc/tkt", O_RDONLY) = -1 ENOENT (No such file or
> directory)

There are two ticket caches in play here, which can be confusing to
both humans (i.e., me) and software. Is KRB5CCNAME modified between
any of the pasted output you have given here? Did you consciously try
to set either /run/user/0/krb5cc/tkt or FILE:/tmp/krb5cc_0? Is aklog
linked against a heimdal or MIT libkrb5? Please provide any
/etc/krb5.conf declarations relating to names of credentials caches.

I don't think it's particularly helpful to be randomly trying different
versions of the software; I would rather get good solid debugging
output from a specific setup and understand what is failing, so that
software changes can be targeted instead of "shotgun style".

-Ben

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
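
The two checks the reply asks for (does the cache location exist, and do KRB5CCNAME and the cache klist reports name the same thing) can be scripted as below. This is an added example, not part of the thread or of OpenAFS; the function names are hypothetical, and it assumes the usual TYPE:residual form of cache names with a bare path treated as a FILE cache.

```shell
#!/bin/sh
# Added example: classify a KRB5CCNAME-style value and check its backing path.
# Assumption: names are TYPE:residual; no TYPE: prefix means a FILE cache.

# Print "TYPE<TAB>residual" for a cache name.
ccache_split() {
    case "$1" in
        /*)  printf 'FILE\t%s\n' "$1" ;;
        *:*) printf '%s\t%s\n' "${1%%:*}" "${1#*:}" ;;
        *)   printf 'FILE\t%s\n' "$1" ;;
    esac
}

# Print one status word for a cache name:
#   ok          backing file (FILE) or directory (DIR) exists
#   no-parent   FILE cache whose parent directory is missing
#   no-cache    location is usable but no cache has been written there
#   not-on-disk cache type is not filesystem based (KCM, KEYRING, MEMORY, ...)
ccache_status() {
    cc_type=$(ccache_split "$1" | cut -f1)
    cc_path=$(ccache_split "$1" | cut -f2-)
    case "$cc_type" in
        FILE)
            if [ -f "$cc_path" ]; then echo ok
            elif [ ! -d "$(dirname "$cc_path")" ]; then echo no-parent
            else echo no-cache
            fi ;;
        DIR)
            if [ -d "$cc_path" ]; then echo ok; else echo no-cache; fi ;;
        *)  echo not-on-disk ;;
    esac
}

# Compare the cache the environment names with the one klist reported.
# Arguments: value of KRB5CCNAME, "Credentials cache:" value from klist.
ccache_compare() {
    a=$(ccache_split "$1"); b=$(ccache_split "$2")
    if [ "$a" = "$b" ]; then echo same; else echo different; fi
}
```

With the values quoted in the thread, `ccache_compare "FILE:/run/user/0/krb5cc/primary" "FILE:/tmp/krb5cc_0"` prints `different`, which is the two-cache situation described in the reply.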