Problems getting an AFS keyfile

[Torbjörn Moa <moa@physto.se>]

Hi,

I am installing Kerberos V and AFS simultaneously. In order to get an
AFS key I have done the following:

# /usr/heimdal/sbin/kadmin
kadmin> add -r afs
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
kadmin> ext --keytab=/tmp/afs.keytab afs
kadmin> exit
# cd /usr/afs/etc
# rm KeyFile
# /usr/heimdal/sbin/ktutil -v copy FILE:/tmp/afs.keytab
AFSKEYFILE:KeyFile
copying afs@PHYSTO.SE
copying afs@PHYSTO.SE
copying afs@PHYSTO.SE
ktutil: krb5_kt_add_entry: End of credential cache reached
# od KeyFile
0000000
#

so, the KeyFile comes out rather empty. Now, I don't know if this is a
bug, a feature, or just a mistake in my setup. Does anyone else know?
What is the best way to get an AFS+heimdal installation working, given
that neither has been installed before so there are no databases to
convert etc?

I have built heimdal with "--with-krb4=/usr/athena --enable-kaserver
--enable-kaserver-db" on a Dunix Alpha. My krb5.conf currently looks
like this:

[libdefaults]
        default_realm = PHYSTO.SE
[realms]
        PHYSTO.SE = {
                kdc = kdc.physto.se
                admin_server = kerberos.physto.se
        }
[domain_realm]
        .physto.se = PHYSTO.SE
[kdc]
        enable-kerberos4 = yes
        v4-realm = PHYSTO.SE
        enable-kaserver = yes

but I have tried a lot of different options in there with no difference
in the end result.


             Cheers,


               Torbjorn


PS. Currently I am using (well,trying to...) OpenAFS, since it's there.
I could try arla, of course, but I don't think it would make any
diffrence in the above. Or...?