wheezy, heimdal, openafs, possibly key problems
I'm trying to set up an OpenAFS fileserver and a Heimdal kdc, both
running on a single wheezy box.
Versions are as of today:
But there is a problem with the afs KeyFile, it has the wrong kvno and
although the kdc provides a kerberos ticket for afs for the admin
user, this gives no rights to make changes in (the emerging) afs
The Heimdal kdc is working fine for other purposes, login, HTTP etc.
Created an afs principal with kadmin -l:
add -r afs/example.org@EXAMPLE.ORG
add_enctype -r afs/example.org@EXAMPLE.ORG des-cbc-md5
ext -k AFSKEYFILE:/etc/openafs/server/KeyFile afs/example.org@EXAMPLE.ORG
Also have an admin principal created with
and configured to get all rights in /etc/heimdal-kdc/kadmind.acl
Configuration is also added to the libdefaults section of /etc/krb5.conf:
allow_weak_crypto = true
Packages needed are openafs-dbserver, openafs-fileserver,
openafs-client and openafs-modules-dkms.
Packages install goes fine
afs-newcell creates the stuff needed so far
kinit test/admin@EXAMPLE.ORG gives a TGT and a AFS ticket.
Now afs-rootvol fails because there is not permission to create stuff
in afs, without a useful error message. However,
and other bos commands reports that the kvno of the afs token is wrong.
Is this a bug or a misconfiguration?