How to create afs KeyFile with ktutil.
Hi,

I'm trying to set up an afs cell with heimdal (Heimdal 0.5.1, KTH-KRB 1.2.1)
and OpenAFS 1.2.7 on Solaris.

I have a kerberos realm and created an afs principal for the cell with

    Keytypes(salttype[(salt-value)]): des-cbc-crc(pw-salt), des-cbc-md4(pw-salt),
    des-cbc-md5(pw-salt), des3-cbc-sha1(pw-salt)

I've copied the afs key to krb5.keytab and ktutil list gives:

    FILE:/etc/krb5.keytab:

    Vno  Type           Principal
      1  des-cbc-crc    host/sarabi.netia.se@NETIA.SE
      1  des-cbc-md4    host/sarabi.netia.se@NETIA.SE
      1  des-cbc-md5    host/sarabi.netia.se@NETIA.SE
      1  des3-cbc-sha1  host/sarabi.netia.se@NETIA.SE
      1  des-cbc-crc    afs@NETIA.SE
      1  des-cbc-md4    afs@NETIA.SE
      1  des-cbc-md5    afs@NETIA.SE
      1  des3-cbc-sha1  afs@NETIA.SE

    krb4:/etc/srvtab:

    Vno  Type           Principal
      1  des-cbc-md5    host/sarabi.netia.se@NETIA.SE
      1  des-cbc-md4    host/sarabi.netia.se@NETIA.SE
      1  des-cbc-crc    host/sarabi.netia.se@NETIA.SE
      1  des-cbc-md5    afs@NETIA.SE
      1  des-cbc-md4    afs@NETIA.SE
      1  des-cbc-crc    afs@NETIA.SE

I've copied the afs key to KeyFile with

    ktutil copy /etc/krb5.keytab AFSKEYFILE:/etc/openafs/server/KeyFile

(btw, ktutil doesn't look for ThisCell in /etc/openafs)

but I can't list with ktutil:

    ktutil -k /etc/openafs/server/KeyFile list
    ktutil: krb5_kt_start_seq_get /etc/openafs/server/KeyFile: Unsupported key table format version number

While trying to use the tokens I get

    rxk: security object was passed a bad ticket

    klist
    Credentials cache: FILE:/tmp/krb5cc_0
            Principal: gunnar/admin@NETIA.SE

      Issued           Expires          Principal
    Dec 13 22:30:06  Dec 14 08:30:06  krbtgt/NETIA.SE@NETIA.SE
    Dec 13 22:30:06  Dec 14 08:30:06  afs@NETIA.SE
    Dec 13 22:39:27  Dec 13 23:39:27  kadmin/admin@NETIA.SE

    V4-ticket file: /tmp/tkt0
         Principal: gunnar.admin@NETIA.SE

      Issued           Expires          Principal
    Dec 13 22:30:06  Dec 14 08:30:06  krbtgt.NETIA.SE@NETIA.SE

    # vos listvldb
    VLDB entries for all servers
    Could not access the VLDB for attributes
    rxk: security object was passed a bad ticket