
AFS and keytab



I'm not certain if this question belongs here or in the AFS list.

I'm having problems using a keytab file with AFS ACLs.  I created a
host/keytab and extracted the keytab using ktutil on the host.  I
verified it with "ktutil list".

I make a call to kinit, get the host creds and try to copy a file from a
restricted directory in AFS.  I get Permission denied on this.  I can
see the creds with klist, and I've permitted the host in the directory
with the ACL.  Can someone please tell me where I'm going wrong?  Thank
you for your help.

Can

Here is the simple script:
#! /bin/sh

/usr/heimdal/bin/kinit -k  host/mimas.server.rpi.edu
sleep 05
/bin/cp /afs/rpi.edu/somedir/file /var/admin/
/bin/cp /afs/rpi.edu/somedir/filetoo /var/admin/
/usr/heimdal/bin/klist

Here's the output

sh-3.00# ./host.kinit
kinit: NOTICE: ticket renewable lifetime is 1 week
/bin/cp: cannot stat `/afs/rpi.edu/somedir/file': Permission denied
/bin/cp: cannot stat `/afs/rpi.edu/somedir/filetoo': Permission denied
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: host/mimas.server.rpi.edu@RPI.EDU

  Issued           Expires          Principal
Feb 12 14:48:40  Feb 13 00:48:40  krbtgt/RPI.EDU@RPI.EDU
Feb 12 14:48:40  Feb 13 00:48:40  afs@RPI.EDU

   V4-ticket file: /tmp/tkt0
        Principal: rcmd.mimas@RPI.EDU

  Issued           Expires          Principal
Feb 12 14:48:40  Feb 13 00:48:40  krbtgt.RPI.EDU@RPI.EDU

-- 
veritatis simplex oratio est

Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415  fax: 518 276-2809

http://www.rpi.edu/~bacchi/