Re: [OpenAFS] Re: aklog carps Couldn't determine realm of user

Wed, 21 Dec 2016 22:08:22 -0800 

Heimdal set the ticket up..(I think)
So how does one login krbtgt?
PS making progress on the glibc/swig bug
Suse Leap uses glibc 2.22 the current is 2.24, offhand I suspect  something 
like a missing .align 64
tedc

[email protected]'s Password:
ookpik:/data1/openafs-1.8.0pre1 # klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: [email protected]

  Issued                Expires        Principal
Dec 21 21:52:59 2016  >>>Expired<<<  krbtgt/[email protected]


kadmin> get krbtgt*
            Principal: krbtgt/[email protected]
    Principal expires: never
     Password expires: never
 Last password change: 2016-12-17 01:03:08 UTC
      Max ticket life: unlimited
   Max renewable life: unlimited
                 Kvno: 1
                Mkvno: unknown
Last successful login: never
    Last failed login: never
   Failed login count: 0
        Last modified: 2016-12-17 01:03:08 UTC
             Modifier: kadmin/[email protected]
           Attributes:
             Keytypes: aes256-cts-hmac-sha1-96(pw-salt)[1], 
des3-cbc-sha1(pw-salt)[1], arcfour-hmac-md5(pw-salt)[1]
          PK-INIT ACL:
              Aliases:

            Principal: krbtgt/[email protected]
    Principal expires: never
     Password expires: never
 Last password change: 2016-12-20 00:29:08 UTC
      Max ticket life: unlimited
   Max renewable life: unlimited
                 Kvno: 1
                Mkvno: unknown
Last successful login: never
    Last failed login: never
   Failed login count: 0
        Last modified: 2016-12-20 00:29:08 UTC
             Modifier: kadmin/[email protected]
           Attributes:
             Keytypes: aes256-cts-hmac-sha1-96(pw-salt)[1], 
des3-cbc-sha1(pw-salt)[1], arcfour-hmac-md5(pw-salt)[1]
          PK-INIT ACL:
              Aliases:


________________________________________
From: Michael Meffie <[email protected]>
Sent: Wednesday, December 21, 2016 6:15:58 AM
To: Ted Creedon
Cc: [email protected]
Subject: Re: [OpenAFS] Re: aklog carps  Couldn't determine realm of user

On Wed, 21 Dec 2016 02:21:13 +0000
Ted Creedon <[email protected]> wrote:

> if
> KRB5CCNAME="FILE:/tmp/krb5cc_0"
> is set
>
> one gets:
>
> aklog -d
> Authenticating to cell creedon.biz (server ookpik.creedon.biz).
> Trying to authenticate to user's realm CREEDON.BIZ.
> Getting tickets: afs/[email protected]
> Kerberos error code returned by get_cred : -1765328352
> aklog: Couldn't get creedon.biz AFS tickets:
> aklog: Ticket expired while getting AFS tickets

Thanks for testing 1.8.0pre1 Ted.  That error code indicates
the ticket has expired,

krb5 error -1765328352 = KRB5KRB_AP_ERR_TKT_EXPIRED

What does klist show?

Thanks,
Mike



_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to