[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AFS and keytab
I'm not certain if this question belongs here or in the AFS list.
I'm having problems using a keytab file with AFS acls. I created a
host/keytab and extracted the keytab using ktutil on the host. I
verified it with "ktutil list"
I make a call to kinit, get the host creds and try to copy a file from a
restricted directory in AFS. I get Permission denied on this. I can
see the creds with klist, and I've permitted the host in the directory
with the acl. Can someone please tell me where I'm going wrong. Thank
you for your help.
Can
Here is the simple script:
#! /bin/sh
/usr/heimdal/bin/kinit -k host/mimas.server.rpi.edu
sleep 05
/bin/cp /afs/rpi.edu/somedir/file /var/admin/
/bin/cp /afs/rpi.edu/somedir/filetoo /var/admin/
/usr/heimdal/bin/klist
Here's the output
sh-3.00# ./host.kinit
kinit: NOTICE: ticket renewable lifetime is 1 week
/bin/cp: cannot stat `/afs/rpi.edu/somedir/file': Permission denied
/bin/cp: cannot stat `/afs/rpi.edu/somedir/filetoo': Permission denied
Credentials cache: FILE:/tmp/krb5cc_0
Principal: host/mimas.server.rpi.edu@RPI.EDU
Issued Expires Principal
Feb 12 14:48:40 Feb 13 00:48:40 krbtgt/RPI.EDU@RPI.EDU
Feb 12 14:48:40 Feb 13 00:48:40 afs@RPI.EDU
V4-ticket file: /tmp/tkt0
Principal: rcmd.mimas@RPI.EDU
Issued Expires Principal
Feb 12 14:48:40 Feb 13 00:48:40 krbtgt.RPI.EDU@RPI.EDU
--
veritatis simplex oratio est
Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415 fax: 518 276-2809
http://www.rpi.edu/~bacchi/