[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with klog

On 19 Sep 2000, Love wrote:

> Pär Aronsson <par.aronsson@nohup.se> writes:
> > We have managed to get AFS and Heimdal to accept each other, but klog
> > doesn't work.
> You can compile heimdal with ka-server support (--enable-kaserver) and then
> run the kdc with the argument -K.

To be more precise, it waits for a while and then responds:
Unable to authenticate to AFS because Authentication Server was unavailable.

This happens whether kdc is run with -K or not.
kinit + afslog works, but not transarc klog{,.krb}.

By the way, from man kdc, I get the impression that -K would disable
kaserver support:
     -K, --no-kaserver
             Disables kaserver emulation (in case it's compiled in).

> You should make sure you have a afs3 salted key for your principal, set
> [kadmin]default_keys to make sure you get one.

The user principal seems to have that:
         Keytypes(salts): des-cbc-md5(pw-salt), des-cbc-md4(pw-salt),
des-cbc-crc(pw-salt), des-cbc-md5(afs3-salt), des-cbc-md4(afs3-salt),

The weird thing is that tha principal afs doesn't:
         Keytypes(salts): des-cbc-md5(pw-salt), des-cbc-md4(pw-salt),

This principal was added by running string2key -a and then using the key
in kadmin add --key=<key> afs.

Could this be the cause of the problem?