Hi there! I had this working before, but had to rebuild, and I can't seem to remember seeing this issue last time:

$ kinit
Password for [email protected]:
$ klist
Ticket cache: FILE:/var/krb5/security/creds/krb5cc_204
Default principal: [email protected]

Valid starting     Expires            Service principal
05/03/23 08:28:01  05/03/23 18:28:01  krbtgt/[email protected]
        renew until 05/04/23 08:27:57
$ aklog -d
Authenticating to cell mydomain.com (server aix61bld01).
Trying to authenticate to user's realm AD.MYDOMAIN.COM.
Getting tickets: afs/[email protected]
Using Kerberos V5 ticket natively
About to resolve name adUser to id in cell mydomain.com.
Id 204
Setting tokens. adUser @ mydomain.com
aklog: a pioctl failed while setting tokens for cell mydomain.com

I don't recall seeing the pioctl error before...

Here's some details on the AFS kerberos config:

$ cat /opt/openafs/etc/openafs/server/krb.conf
AD.MYDOMAIN.COM
$ /usr/krb5/sbin/ktutil
ktutil: rkt /opt/openafs/etc/openafs/server/rxkad.keytab
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    5 afs/[email protected] (arcfour-hmac)
   2    5 afs/[email protected] (aes256-cts-hmac-sha1-96)
   3    5 afs/[email protected] (aes128-cts-hmac-sha1-96)
ktutil: quit
$ asetkey list
All done.

Interesting, can't read that info as the user. Let's try root:

$ ^D
# asetkey list
rxkad_krb5 kvno 5 enctype 17; key is: blahblahblah
rxkad_krb5 kvno 5 enctype 18; key is: blahblahblahblahblahblah
rxkad_krb5 kvno 5 enctype 23; key is: blahblahblah
All done.

I didn't change the krb5.conf on this system from before when it was working, so I'm going to assume that is fine. I can post if needed, but from the above it looks like kinit is working, so the problem seems to be on the OpenAFS side. Also, yes, the kernel extension is loaded.

Any idea what the pioctl error is about and how to solve?

Thanks in advance!

-Ben
