[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

afslog doesn't give tokens



Hi,
  our site has now firewall installed. krb4 has been moved to krb5
(heimdal) ... I can get my tickets using kinit:

# /usr/heimdal/bin/klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: mmokrejs@NATUR.CUNI.CZ

  Issued           Expires          Principal
May  3 10:25:58  May  3 11:23:50  krbtgt/NATUR.CUNI.CZ@NATUR.CUNI.CZ
May  3 10:25:58  May  3 11:23:50  afs@NATUR.CUNI.CZ
May  3 10:26:07  May  3 11:23:50  afs/natur.cuni.cz@NATUR.CUNI.CZ
# /usr/afs/bin/tokens

Tokens held by the Cache Manager:

   --End of list--
#

Running afslog while capturinh data by tcpdump, I see connections to port
4444 (udp) on KDC. What services is that and which ports are required for
the reply from KDC back to client through firewall? I didn't configure
the KDC server, but I believe it's not compiled in krb4 nor kaserver mode.


11:17:17.559537 IP client.natur.cuni.cz.35441 > kdc.natur.cuni.cz.4444: UDP, length: 252


Do we have to regenerate afs keys?

Does the client have to have regenerated rcmd host key?
Yes, it's IP address has changed.

TIA
-- 
Martin Mokrejs <mmokrejs@natur.cuni.cz>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs