[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ktutil and afs-KeyFile



I try to setup an afs-server in cell elis.ugent.be using the heimdal krb5 
kaserver in a realm that is different from the cell name: REALM.ELIS.UGENT.BE
I create the KeyFile as described in  
http://www.h5l.se/manual/HEAD/info/heimdal.html#Setting-up-a-realm 

kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@elis.ugent.be
kadmin: ext afs@elis.ugent.be: Principal does not exist

I think there is a small error in the documentation on the web:
kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@My.CELL.NAME
should read
kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@My.REALM

=>
kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@REALM.ELIS.UGENT.BE

I want to check if the KeyFile realy contains the key for 
afs@REALM.ELIS.UGENT.BE:

# ktutil copy AFSKEYFILE:/usr/afs/etc/KeyFile FILE:/tmp/afs.keytab
# ktutil -k /tmp/afs.keytab list
/tmp/afs.keytab:
Vno  Type         Principal
  1  des-cbc-md5  afs/elis.ugent.be@ELIS.UGENT.BE

This is the wrong principal!

I tried it the other way:
# ktutil  -k AFSKEYFILE:KeyFile get -p admin/admin  afs@REALM.ELIS.UGENT.BE
with exactly the same result.


How can I create the correct KeyFile?

-- 
Ronny Blomme
http://www.elis.UGent.be/RonnyBlomme

***********************************************************************
This e-mail and/or its attachments may contain confidential information.
It is intended solely for the intended addressee(s). Any use of the
information contained herein by other persons is prohibited.
Both IMEC vzw and Ghent University do not accept any liability for the
contents of this mail and/or its attachments.

PGP signature