[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More AFS problems

Hi again!
Thanks for the answers to my previous questions, they worked great.
Only, now I have more problems... :)

After setting the key for afs@<REALM>, everything worked, for a
while. Then suddenly, the users are no longer accepted by AFS. I can still
get tickets, and I no longer get error messages about discarding AFS
tokens, but I silently lose access rights in AFS.

Like if I
$ kinit admin
admin@<REALM>'s Password: 
$ afslog
$ klist
Credentials cache: FILE:/tmp/krb5cc_58409
        Principal: admin@<REALM>

  Issued           Expires          Principal
Sep 14 18:34:39  Sep 15 04:34:37  krbtgt/<REALM>@<REALM>
Sep 14 18:34:43  Sep 15 04:34:37  afs@<REALM>
$ fs listacl /afs/<cell>
fs: You don't have the required access rights on '/afs/<cell>/'

Strangely, though, I can use bos and pts:

$ pts listentries
Name                          ID  Owner Creator
anonymous                  32766   -204    -204 
admin                          1   -204   32766 
kalle                          2   -204       1 
afsuser                        3   -204       1 
$ pts examine admin
Name: admin, id: 1, owner: system:administrators, creator: anonymous,
  membership: 1, flags: S----, group quota: unlimited.
$ bos listusers <server>
SUsers are: admin 

Which I suppose I shouldn't be able to do if I wasn't correctly
authorized? I'm probably doing some stupid mistake, but I can't figure out
what... Any suggestions appreciated!

Oh, yes: I'm not entirely sure what I was doing when things stopped
working, but guesses are either removing keys from the AFS keyfile (which
I later added back) or changing the password for the test user
"afsuser". I understand this might indicate salting problems. If so, how
do I solve them? Also note that I only changed one password, but all
accounts stopped working.

Thanks for your patience,
  Kalle Svensson